Do you care about your privacy? By the rising of technology, everything starts to depend on internet. Especially from 2016, I can feel the development of internet is accelerating in a high rate. More commercial companies are created because of the people’s dependency on internet. It induces people’s attention toward their privacy, is it licking out to the market or not. In fact, mostly, people’s information is leak because they do not have self-awareness, or their information is stealing by computer virus and website they visit.
As people start to spend more time on their cell-phone, visiting website, shopping and playing games. On the other hand, advertising companies are seeking a new way to improve their incomes, so they covert their working pattern from offline to online. They add their advertisement to everywhere, even push out personalize advertisement service. For example, when you are seeking for studying aboard, and register on a public forum to ask other people about their opinion. The next day, you will receive a call from oversea education agency, to ask you if you want to study aboard. In this case, this is so called “information leakage”.
Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application, environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users. (Auger,2010). Many websites require user to fill in their personal information ensure they can provide full service from that website. For example, ETS (Education Testing Service) and College Board, a standardize test that most college in United State and some countries accept.
When you are signing up, if you look carefully what they mention in their privacy policy “Subject to your choices, provide you with marketing communications, surveys and offers for products and services from ETS and our partners, including personalized offers based on your usage of our products and to manage your communications preferences.” (ETS, 2018). Also, from College Board, they state that “We partner with a third party to manage our advertising on other sites. Our third-party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. “(College Board, 2018).
The literal meaning on their statement is that they will only share information with their 3rd party partner, but they cannot control how these 3rd partner use the information they receive. On the other hand, another factor that can cause information leakage is computer virus on the website server or on the computer itself. A recent news show how serious the information leak is. “Question and answer website Quora said Monday night that account data, including private messages, of around 100 million users may have been exposed after a “malicious third party” gained access to one of the company’s computer systems.” (Newcomb,2018). This is a case happened on December 5th, 2018, which is more serious than other information leak because it is the biggest Q&A forum in United State.
If all the account information is leak, this potentially means their personal information will be use in an illegal way and could cause more problem to them, like money lost or other account lost. Typically, information leak from a website can be found on darknet and other public forum, attacker sell their “spoil of war” and gain benefit from it. EU came out a new rule called GDPR in 2015. “General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. The GDPR requirements as well as the amount of internal collaboration that will be needed to address them means organizations need to plan for compliance now.
The primary objective of the GDPR is to give citizens back control of their personal data. Once GDPR takes effect it will harmonize previous and other data protection regulations throughout the EU.” (SafeNet, 2018) EU notice that people’s personal information is not being well protected these days. Lots of data had been expose into public forum, result in some user’s information are being used in illegal way. GPPR is considering to be the most serve policy on personal privacy. According to the policy, only process data for authorized purposes, ensure data accuracy and integrity, minimize subjects’ identity exposure and Implement data security measures.
Organization that cannot follow the policy made my EU will confront a massive fine to pay. “Google, Facebook, Instagram and WhatsApp have been hit with privacy complaints within hours of GDPR taking effect Friday — complaints that could carry fines of up to $9.3 billion in total.”(Getty,2018)In this case, EU consider Google and Facebook violate the policy and asked by EU to pay a massive fine. After this happened, many websites start to modify their privacy protection policy to ensure they follow the rule. In fact, it is still not effective, after the new policy enable, some website still has low security on their protection on database. Not only the government taken by the government, people should be aware on the information they provide to web service or other organization.
Security education should be provided, teach people how to deal with information leakage and how to prevent it. It is suggesting that people should change their password frequently, sensitive data should be secure in a separate place with encryption. However, it is hard to use social media without entering the basic information. In this case, people should aware what they type in, only provide basic identification is enough. On the other hand, internet is the most thing that people use the most. It is purpose that when people logging in to online service, always check the connection between the website server and the terminal is secured.
Moreover, try not to use public Wi-Fi. Even it is good to have a Wi-Fi connection in the public shop, but it always requires you to fill you essential to register as their member and then you can use the network service. In conclusion, even though it is a risk that if people do not have any awareness on their information and no security on their device, but it is a solvable problem. Government has already acting to prevent data leak, still, individual should be responsible for their privacy.