Privacy, who cares?

In mid-April, the Sony “PlayStation” and “Online Entertainment” networks were compromised and the records of nearly 100 million(!) users (names, addresses, dates of birth, e-mail addresses) were stolen. It even seems that the credit card numbers of these users were lost, too.

In a different case, a bug in the job portal of UNESCO allowed any applicant to access addresses, mobile phone numbers and salaries of probably hundreds of thousands of other job seekers dating back to 2006. But data loss is not only an accidental or malicious act: Apple’s iPhones and iPads (and to a lesser extent Android devices) have stored every position of their owners since 2008, and it is as yet unclear whether this data made it back to Apple’s headquarters. Facebook and Google are already known to harvest gazillions of records of user data with the aim of pin-pointing customer behaviour. It is not the first time that, before committing a crime, thieves have consulted the Facebook and Twitter profiles of their victim in order to figure out whether he/she is currently at home; Google Maps is used for checking the property. Last but not least, the company behind the TomTom navigation software sold speed data as measured by individual car navigation appliances to the Dutch police (who will now put speed traps at the appropriate places).

It seems that the privacy of personal information is nowadays widely ignored, at least on the Internet. Am I old-fashioned if I consider my salary, date of birth, private life and credit card numbers to be none of your business?

Please be careful. Giving away too much information means giving away your privacy! Think twice before providing personal data to even well-known web sites like Facebook or LinkedIn. Expose only information that is really necessary, and refrain from using sites which seem to be too “greedy”. Also, do not use the same password for different sites. Finally, if you are a developer of an application asking for and/or storing personal data, ensure that your code is secure and does not leak data! If in doubt, follow the appropriate CERN Technical Training courses for designing secure software.

Of course, if you have questions, suggestions or comments, please contact the Computer Security Office or visit us.

For further reading on privacy on the Internet, we recommend this article by Bruce Schneier.

by Computer Security Team