It is unavoidable in the 21st century,
With an Apple ID, connected to your iPhone, iTunes, icloud, etc. A Google account that connects to your Android phone, single sign-on, chrome browser, and search. Facebook and single sign-on for various Facebook enabled websites. Microsoft live IDs for Office 365, One drive, Xbox. You would inevitably end up using these ecosystems of services on a day to day basis.
For a majority of us, we rarely stick to a singular ecosystem. We use a variety of services, from different service providers. With all these services being very personally connected to our lives, how do we keep our data and privacy protected and tracked?
Most laymen are oblivious to the extent of how their data, preferences, and actions are tracked and traced by these service providers. How do we get a better grasp of how utilizing these services impacts us, as well as understand how our data is being used for profit by these companies.
The truly disturbing question we must ask ourselves is whether it matters to most of
In recent time, the issue of privacy and how our data was used to target us and manipulate us has come into the debate with the Russian influence campaign on the 2016 presidential election.
Skilled journalists have written much about Facebook and Cambridge Analytica’s complicity in making such a campaign possible. I have listed a VOX article that goes into depth on how social media data was used to profile you and flood you with misinformation to manipulate you.
Still, not enough is being said and done, to make the general public aware and understand how social media was used to manipulate and influence them.
So what steps can the general user take to protect his or her privacy and be more aware of the information they share online, and with their technology.
First, we must take the time to understand these echo systems of services. Each of these tech giants has caught on to the concerns of privacy and have privacy and security pages that allow you to have some control over what data is shared or harvested. Spend the time to learn what that means.
Keep track of your logins and access you grant to apps and websites you login to. Yes most, if not all of us never read the fine print on consent forms. In contrast, on mobile apps, the installation would actively ask you to grant permission to private data. For example, Uber does not need to have access to my contacts or media. We must be aware of and understand such intricacies.
If you use Google or Facebook’s single sign-on to authenticate on third-party websites, find out what information is shared, or avoid doing so at all. Single sign-on is, that little Google or Facebook button that gives you the option to “sign up with Google” or “sign up with Facebook”
Know and understand what browser cookies are, and how they are used. Know it’s not a coincidence that an hour after you search for luggage on Amazon, advertisements for luggage show up in your Facebook feed. Know what sponsored content is, from Facebook to Yahoo and where you see them.
Use a single browser. know what information is saved and where it is saved. Safari, Chrome and Firefox all allow for browser profiles, where site preferences passwords, bookmarks, and personal data is saved and made available across devices and platforms. This also means this data is handled by the browser.
Use Multi Factor Authentication (MFA) or a subset of MFA, Two Factor Authentication (2FA) . For example, every time I try and login to my google account on any browser, after entering my username, and password Google sends my phone, (Something I have -An Android phone) a notification that I must except, to be able to log-in. A second “factor”, separate from just my password, which in this case is authentication on my designated device, is used to make sure that I am not only authenticating, that I am aware that an authentication attempt is being made. This can be via a text message or app on your phone depending on which service you enable MFA on.
Note: Password is something you know, The Device you designate is something you have, and if needed, something the user is, which could be face ID or
Most importantly keep track of your online presence.
While this changing tech landscape requires an adjustment and vigilance on the users part, there is clearly an opportunity present.
What if there existed a service that would track and keep you aware of all the data that you have shared and protects your privacy and security. A single service that is transparent to you. that shows all the applications and sites you use, what information you have shared or given access to, from your mobile device to your computer accounts, to your browser.
With Apple announcing in WDDC 2019, single sign-on as service, the idea of security as a service has been mentioned, since it did more than merely provide single sign-on services. I would like to see a service that would take it further to provide security and privacy as a service,- SPAAS.
Apples single sign-on clearly takes the concept further than Facebook or Google. Apples single sign-on integrates with Apples Face ID and Touch ID—which provide strong security while also being quick and easy to use. Apple’s universal login will let you hide your email address from third-party services. Unlike Facebook and Google, Apple will randomly generate an email address on your behalf, which then forwards communications from companies and institutions to your real address. Apple also has a solid track record and reputation in protecting its user’s privacy and providing strong security.
Of course, this does complicate it for the average user and won’t be as seamless as we would expect it to be. But its clearly a step in the right direction. Single sign-on can always create a bottleneck and a single point of failure, but for the stringent protection of your data, again it would be a worthwhile risk to take.
Technology and how we interact with technology are changing daily. It