Privacy Lessons from My 70-year-old Self

Micro Focus Expert
Micro Focus Expert
1 0 1,218

Privacy Lessons from My 70-year-old Self.jpgWith social media challenges, photo apps and privacy concerns on the rise, I couldn’t deal with peer pressure to download one of those apps (I used the popular FaceApp) and see what I’ll look like at 70. I regretted using the app moments after the excitement wore off and thought about what my 70 year old simulated future self would say about privacy:

  1. Be Scared (You Must): Any digital footprint you create exists forever and you don’t know where it will bite you in the back. The content you’re creating (even if you’re using a fake profile) will find you thanks to advancements in facial recognition, big data and artificial intelligence.

By using apps or online services, you give away the usage rights of your content (pictures, video or other formats) forever and you gift the technology vendor your content. You lost control of the content once you signed that user agreement. What they will do using your information will be completely up to them from then on. With the dissemination and replication of data using today’s technology, there is no such thing as a contingency plan (legal or technical) when things go south.

To add to that, services collecting personal information of sorts are known to harvest these data and turn data into profit: The use cases can range from improving facial recognition algorithms to gathering demographic information to even creating fake profiles for individuals.When you combine harmless-looking pieces of private information together, you can do a lot of damage.

  1. Ever Heard of Breaches?: Even if the app or service provider have your best interest at heart and are sensitive about your privacy, attackers certainly will not be. When there’s a breach, attackers will not think twice about exposing sensitive data or using sensitive data to make a fat profit. I think the “data is the new oil” quote attributed to Mathematician Clive Humby explains this concept perfectly.

    DataIstheNewOil.png
    What was legitimate data for the app or service provider (with your consent on the user agreement) will be an illegal source of profit for a cyber attacker. When you consider how giant corporations (who spend 10s if not 100s of millions of dollars on cyber security) get breached and expose user information, it’s safe to assume that this new “cool” startup is more susceptible to attacks than mature organizations. (I know a few startups are using Fortify on Demand to secure their applications and customers, but it’d be a lot cooler if they all did. After all, application security related vulnerabilities still account for the majority of breaches out there.) So you should expect at least one of these providers to be breached. And the sad part is, you’ll probably never know when they do. Neither is there anything you can do about it.
  1. Life Goes On: Yes, you may or may not have made a mistake by uploading your photo or your personal information on that app or online service. That challenge was fun at the time, but was it worth it? If the app or service was free, what was the real cost for you? What or who was the real product? Could you have been staring right at it in the mirror this whole time?

All that said, life goes on and you should learn from this experience. Get smarter and think twice before you join that viral challenge or campaign on social media!

About the Author
Application Security, Penetration Testing, Security
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.