
The Biggest Risk to Your Privacy

I’ve written several privacy-related articles discussing the various aspects of risk we assume when we use technology. From the computers we use to the systems that run them, as well as the applications and tools we rely on, each adds risk of some kind of exposure.

And yet, in my experience, the greatest risk we’re exposed to has little to do with technology.

It’s a risk we don’t think of – and yet I see privacy directly invaded more often due to this than any other reason.


The biggest risk is people

Even with semi-regular news of data breaches, hacking, and other technological intrusions, the single biggest cause for actual tangible privacy-related damage boils down to nothing more than… people.

I’m certain you’re already making assumptions about which people you should be concerned about. I’m just as certain you’re overlooking perhaps the most important group that puts our privacy at risk every day.

Let’s review some of the various classes of people involved in putting our privacy at risk.

Hackers, scammers, and other ne’er-do-wells

This is the first thing people think of when it comes to privacy invasions. We hear a seemingly endless stream of news and word-of-mouth reports of privacy hacks every day. It’s easy to think we’re under constant threat from evil villains trying to get at our data.

In a sense, we are. There’s no question that organized crime and other malicious entities have their sights set on gathering personal information and either using that for nefarious purposes directly, or reselling it to those who would.

While your data could fall victim to the individuals in this category, it’s important to realize they’re simply not interested in you as an individual. What they’re interested in is much broader; what they care about is gathering as much data as they can, or scamming as many people as they can. Particularly when it comes to scams, they don’t care who those people are, just that they’re vulnerable.

Perhaps in part due to the obviousness of this class, this is the group of people we most easily protect ourselves from, using technology and common sense. Security software of various flavors and layers, coupled with skepticism and our own smart habits, are our first, best line of defense.

Governments and government agencies

You may think I’m including this because I’m concerned your government is spying on you.

I’m not.

Oh, it’s certainly possible, and in some countries even plausible, depending on your own behavior and “value” to whomever might be watching. Once again, however, I believe strongly that most of us, in most countries, simply aren’t that interesting (or worth the effort) for individual government surveillance. It’s just not that big of an individual risk.

No, what makes government in general one of the largest threats to our privacy is the laws and policies it enacts or fails to enact. Weak government policy and enforcement around individual rights and privacy make it easier for others – in the government and elsewhere – to access and possibly misuse our personal information.

Most people never pay attention to this unless they’re already living under an oppressive regime, in which case it could be considered too late. I strongly suggest that paying attention and working within your system to ensure personal privacy rights is an important responsibility.

Employees, technicians, and policy makers

Many people are concerned about big business and corporations collecting and using our personal information.

I’m generally not. Excepting the previous point about making sure that government regulations are in place to protect my information, and corporate policies that similarly ensure my privacy – whether a legal requirement or not – I’m actually not that concerned about the information I’m certain is out there about me.

With one exception: when those companies get hacked or otherwise compromised.

That generally comes back to the people involved. I believe the majority of breaches boil down to individual people making individual errors.

One example might be the software engineer with little to no security experience placed in charge of the security of my data. All the good intentions in the world won’t make up for the inevitable oversight (which is probably more common than we suspect). Software developers and policy makers operate under a “features first, security later” approach that often pushes service development – and with it our personal information – beyond acceptable risk. Then, once a vulnerability is discovered, the hackers mentioned earlier swoop in to take advantage of the unintentional access to our information.

The most important thing you can do to secure yourself against these types of oversights is to know who you’re dealing with and hold them responsible and accountable for the security of your information. Do business with companies that have a proven track record. If you find you can’t – if you find you need the services of an unproven entity – be particularly wary of the information you choose to share.

Friends and family, business contacts, and associates

We share a fair amount of information without thinking about the ramifications of exposing ourselves to other people.

Sometimes that can even be literal. I frequently encounter individuals who come to me concerned that their video chats might be intercepted by some middleman. As it turns out, it’s not the middleman they need be concerned about when they find themselves being blackmailed by the individual at the other end of the conversation.

The fact is, there’s no technology – none whatsoever – that can protect you from the people to whom you choose to expose your information (or anything else). Any technology can be circumvented in one form or another by the recipient. If it can be seen, it can be copied – even if it’s just taking a picture of the computer screen while your sensitive details are displayed.

And of course, once something is posted publicly (and let’s be clear: all social media is “public”, regardless of your privacy settings), it cannot be recalled.

This is, perhaps, the single most common cause of privacy violations I’ve encountered over the many years I’ve been doing Ask Leo! – not big business or government, not massive data breaches, not malware, not even ransomware[1] – but one-to-one interactions in which individuals simply share too much and later regret it.

This risk is only growing on social media, which creates an illusion of intimacy and safety while nothing of the sort exists.

You

You are the biggest risk to your own privacy.

By sharing too much on social media or trusting too easily when some stranger calls to tell you your computer has a problem, or by reaching out to the wrong people in times of technological crisis because you’re panicking, the biggest risk of all comes back to you.

And that’s great!

Now, why, after what might seem like gloom and doom about all the ways that our privacy can be compromised, am I so excited to point the finger at you?

Because the one thing you have control over is yourself.

You can become more knowledgeable. You can make better decisions. You can take responsibility for your privacy from here on out.

There’s no requirement that you become a Luddite and walk away from technology in general – Lord knows I’ve certainly not done that. What’s required is simply awareness – mindfulness, if you will – of exactly what, where, and with whom you share.

That last one is perhaps the most important: your privacy is all about the people you trust and share with.


Footnotes & references

1: Which is just malware. Particularly destructive, but malware nonetheless.

11 comments on “The Biggest Risk to Your Privacy”

  1. Long term, I believe the biggest threat to our privacy is the fact that we’re caring less and less about it. We don’t care too much about PRISM, we don’t care too much that companies track us across both websites and devices, we don’t care too much that data brokers build extraordinarily detailed profiles about us and are largely unregulated, and we don’t care too much that algorithms enable connections to be made between data sets, even when both sets are encrypted.

    Bottom line: the less we care about our privacy, the more it’ll be chipped away at.

      • Remember this?

        http://www.dailymail.co.uk/news/article-2102859/How-Target-knows-shoppers-pregnant–figured-teen-father-did.html

        I completely disagree with the contention that “they’re simply not interested in you as an individual” – sorry, Leo! On the contrary, I believe that they’re extremely interested in us as individuals. Compiling and crunching enormous amounts of data compiled from multiple sources enables governments and businesses to build very detailed profiles about us which can be used for everything from predicting our behaviour, deciding whether or not to lend us money, deciding whether or not to insure us, etc., etc., etc. Or even just working out whether or not we’re pregnant.

        • One thing we can agree on: “I believe the biggest threat to our privacy is the fact that we’re caring less and less about it.” Indeed.

  2. Obviously ISPs and large corporations don’t care what you do online as an individual. However, if the corporation is making a profit off your information then they should compensate all of those that it gathers information from. There’s no way to know exactly how much they’re making, or how much the information is making future profits for the company, but they still need to compensate those that it takes the information from. That’s what the big deal is; not the information but how will they compensate.
    The best way to counter the corporations is to set your browser to automatically dump all cookies on exit and use a VPN. Until they find a way to fairly compensate their customers for using their information, that’s what I have done and will continue to do.

  3. “While your data could fall victim to the individuals in this category, it’s important to realize they’re simply not interested in you as an individual. What they’re interested in is much broader; what they care about is gathering as much data as they can, or scamming as many people as they can. Particularly when it comes to scams, they don’t care who those people are, just that they’re vulnerable.”

    Near as I can figure, this makes cloud storage a risk in and of itself. Your not very interesting or valuable data winds up as ‘by-catch’ as the crooks go after ‘the big score’.

  4. “The biggest risk is people”. Oh, so true.
    A company may have the best privacy procedures possible. Yet, the carelessness of one individual could render it useless. When I read the news, I so often remember the movie The Atomic Train. It starts with someone committing three violations to send a nuclear device across the country, and ends with the device exploding. Every bad event in between was the result of noncompliance of individuals.
    A common expression says that we are our own worst enemies. We hand out all sorts of information and get upset if someone uses it in a way we did not intend. All the people using this data are doing is connecting the dots between what we freely give.
    I subscribe to several survey outfits, so a lot of my personal information is out there. It can be freely obtained by scammers, ad agencies, foreign entities, terrorists – just about everyone (except the US government) – to use as they see fit. I’m not very concerned, though. To most I’m just a number, just part of the background. Since my pre-tax income is out there, they know they wouldn’t make much off me. If they read some of my posts, they know that if I suspect any malware on my computer, I’ll just scrub it and load in my backups. I don’t use social media, so there is no “intimate” information about me (except what someone else may post).
    As Leo says – we have the greatest control over our own privacy.

  5. Yep, It’s us people for sure. Human nature.
    A few years ago I was in a hospital waiting for open heart surgery and out of boredom and to keep from seizing up I would walk the hallways and this took me by the nurses’ stations. Naturally I peeked at the computer screens. On night shift the nurses would be surfing the Internet and chatting with friends on Facebook and checking their emails and whatever on the hospital computers. One nurse told me it was strictly against the rules.
    Management thought that everybody would obey the rules because they said so but in reality most didn’t.
    I’m no expert but I was thinking they were putting the hospital computers at risk and wondered why they could even do it.
    I didn’t judge them too harshly because if I was in their place I think I would do the same if I couldn’t bring my laptop.

    I live in a small town with many people that don’t have their own Internet connection so a few of them use my computer.
    I have observed them opening attachments when they didn’t even know who sent them and clicking on everything in front of them.
    I have repaired computers that haven’t been virus scanned for over two years.
    Many times I get computers that had the original Norton Antivirus expired. When I ask if they have virus protection they say yes it came with the computer.
    Some of them have downloaded and installed so much junk that it boggles the mind.
    My hobby is starting to get overwhelming. lol
    Oh yes it’s the people that are doing it to themselves. The weakest link people.

  6. Hey Leo, Welcome Back to the good fight.

    Good point that “Software developers and policy makers [practice a] “features first, security later” approach that often pushes service development – and with it our personal information – beyond acceptable risk”. It certainly applies to private custom-software sources: contract developers, IT departments, smartphone Apps, open source, freeware, and shareware. The user can never really know what exposures creep in from private sources.

    Private developers are not bad guys taking extraordinary risks. They are simply meeting a demand from their corporate clients. The developers practice “Features first, security later” because, WE, their clients demand it. Have we ever seen a contract for outsourced software that read “We’ll pay when you’ve delivered all of the function to our satisfaction, but by all means take all the time you need to shake out all possible security issues”? When our bottom line is on the line, our own corporate priorities are “Features first, security later”.

  7. I’m sure there are many people who don’t even know about the companies, and data mining and fact gathering. Ignorance is bliss! One such company is Rapleaf. I won’t profess to know much about them either, except that when you watch the videos (Wall Street Journal), they’re just a little scary. Some of this info is from 2010, and this is 2017. How much have they advanced their mining techniques? Here are several links that still work. Some articles from WSJ are no longer accessible.

    http://www.wsj.com/video/digits-how-rapleaf-mines-data-online/6B7F29FE-4A2C-4619-BCB7-CCCE5EB35F62.html

    https://gigaom.com/2010/10/24/what-rapleaf-knows-about-you/

    https://gigaom.com/2010/10/18/rapleaf-facebook-privacy/

    http://ebiquity.umbc.edu/blogger/2010/10/24/how-rapleaf-is-eroding-our-privacy-on-the-web/

    And is it just a coincidence that Rapleaf’s “Opt Out” web page is no longer accessible at https://www.rapleaf.com/opt_out At least I couldn’t access it tonight. These companies are scary. Knowledge about them is a valuable tool.

    Another good one to read: DATA RAPE: The New Direct Marketing at http://www.targetmarketingmag.com/article/some-marketers-step-over-line-amount-consumer-data-collected/2/

    Learn, and protect yourself!
