Online activities often expose our sensitive information to the unwanted attention of many prying eyes. Every time that we are connected, our data can be collected with or without our authorization by many different parties. Internal software or computer vulnerabilities can also worsen the problem by compromising our anonymity.
When all this information is combined like a puzzle, our privacy could be violated, and our information accessed by unauthorized sources. However, online privacy violations are not committed only by criminals such as snoopers, hackers and cyberstalkers. Worldwide scandals such as Edward Snowden’s leaks only exposed the tip of the iceberg, as they revealed how national governments such as the American and British ones spied on millions of citizens.
Many new tools and software keep promising to ensure our security while browsing the internet, or at least, to protect our privacy by preserving our most sensitive information. The main question is, do they really work? And if they do, to what extent? Let’s have a look.
Anti-Virus and Firewall Suites
Firewalls and anti-viruses have been a staple in internet security for years. Technically a necessity to keep our data away from evildoers, they are apparently required only by those “unfortunate” enough to work and browse in a non-Mac environment. According to what most Mac experts and users like to boast, these tools seemingly filled the security gap left by the many Windows vulnerabilities. However, recent reports from Malwarebytes found that Mac malware increased by 230 percent during 2017, suggesting that these problems might endanger any and all operating systems.
There are many anti-virus programs available online, and not every one of them needs to be purchased. Although the idea of free and open-source software might be enticing, the recent security issues that hit even Avast, the most-installed free anti-virus in the world, taught many users that there’s no door that cannot be opened by a skilled hacker (or so it seems).
Paid anti-viruses also seemingly had their own issues with privacy leaks, though. In September 2017, the U.S. Secretary of Homeland Security Elaine Duke required all federal government agencies to stop using software developed by the Russian tech firm Kaspersky Lab. Due to heightening tension between the U.S. and Russia, concerns arose that Kaspersky may provide users’ private information to the Russian government. Although Kaspersky obviously denied any wrongdoing, the haunting doubt struck the market and affected the opinion of many consumers.
Virtual Private Networks (VPNs)
With the increasingly widespread use of public connections and Wi-Fi hotspots, virtual private networks (VPNs) have become one of the most popular solutions to secure network access and all forms of online communication. Since the world of VPN services is split between free and paid services, the natural question is, once again, “is paying really necessary?” (Learn more about VPNs in Faceoff: Virtual Desktop Infrastructures Vs. Virtual Private Networks.)
For the most part, the biggest difference between paid and free services lies with many factors which are not related to security itself, such as data allowance and speed. However, some paid services also offer a 256-bit encryption working on much more secure protocols such as OpenVPN, rather than the standard PPTP. Yet, encryption only means that a VPN is harder to hack, but with enough computer resources applied to the decryption process, there’s no nut that can’t be cracked.
An important point, though, is how user information is handled by VPN providers. If a log of user activity is kept, anonymity can be breached, for example, when a government authority requests these logs to be submitted during criminal investigations. Some smaller companies found a legal way to get around this limitation by not keeping any log, which cannot then be requested, although many usually just keep their logs for a shorter time period. A very small handful of them, however, simply do not have any log at all. Period.
Private/Incognito Mode
Many browsers offer a so-called “Incognito mode,” also known as InPrivate Browsing or Private window. Although this “privacy mode” is still worth mentioning for the sake of completeness, it has nothing to do with online security – even a little. Literally like treating a gaping gunshot wound with a Band-Aid, surfing in Incognito browsing mode simply keeps your browsing history and cache hidden from anyone who has access to your computer.
Cookies are not stored, text written into search bars is not saved in autofill fields, passwords are not saved, and the pages you visited are not recorded. That’s pretty much all it does. It can help you feel a little more anonymous when your wife, husband or kids access your computer, but it does not prevent any website or ISP from tracking your data.
Internet of Things (IoT) Devices and the Myth of the Secure Cloud
The sheer amount of data generated by internet of things (IoT) devices is simply overwhelming. According to a report from the Federal Trade Commission, at least 150 million discrete data points are generated every day by fewer than 10,000 households. The amazingly high number of entry points for hackers has left sensitive information vulnerable for years, especially with malicious entities such as the Mirai botnet lingering around. The giant distributed denial of service (DDoS) attack that brought down the internet in Europe and the U.S. back in October 2016 already showed the world the potential extent of this type of attacks. (Learn more about IoT in Internet of Things: Who Owns the Data?)
With an estimated $1.4 trillion value by 2021, the IoT’s market is not going away, and consumers keep looking for low-priced, high-valued gadgets day after day. The question is, how much security is lost to keep the price of IoT devices as low as possible? How many vulnerabilities will go undetected as these cool gizmos are cheaply manufactured with no concern for data protection?
The same problem applies to cloud services, way too often boasted as “secure” even when they are not (and cannot be). Today, cloud services are, in fact, nothing but computers managed by offsite (often overseas) companies whose security measures may fail – often with catastrophic consequences. Issues might occur outside the boundaries of cybersecurity too. If a company declares bankruptcy, for example, all the data stored can literally become a no man’s land. And what happens when software changes its provider policy overnight such as CrashPlan did in August 2017?
Can Encryption Be the Answer?
A potential answer to all the questions regarding online privacy might be summed up in TecSec CEO and security specialist Jay Wack’s statement: “You cannot secure the network, only the data.” Data encryption might be, once again, the only viable solution. With so many access points and potential exploits, keeping hackers out of our systems just seems to be an impossible task. A potential solution suggested by many cybersecurity experts is to protect data with encryption. This way, hackers who force their entrance into vulnerable systems will still end up with a “loot” that has no real value since this data is unusable without a decryption key.
Many giants of communication have already implemented end-to-end encryption to protect the most widespread instant messaging services such as WhatsApp, Facebook Messenger and Apple’s iMessage. On the other hand, the largest of these giants, Google, still fails to keep up with them, and recently discontinued the E2Email security project. Email communications may be difficult to protect, but encryption still seems the most solid alternative to protect businesses and individual users from data theft.
Plenty of serious online threats might compromise our data and our privacy as well. Although newer technologies can give us a certain degree of safety against external attacks and prying eyes, hackers and evildoers keep working to breach them. Bottom line, only one thing can be said with certainty: As long as we have something we want to protect, there will be someone out there that will try to get it, no matter what.