In the news, the “shocking!” headlines today scream about the NSA and the 5 billion phone records they collect per day. Well folks, I’m here to tell you right now: That’s chump change.
I mean, let’s face it. Do you really think any of this data is useful?
At the same time, the same people worrying about raw data falling into the hands of the NSA have no idea how much of their own information they are freely giving to social media entities such as Facebook and Google.
Somehow people have become more comfortable with companies like Facebook or LinkedIn “spying” on them, and consider the NSA “spying” an affront to civil liberties. Apparently, it’s ok with the public for companies to leech information from their users and sell/share it to/with… who knows (?), as long as they have the users’ initial permissions to do so.
Let’s take a look at the logic here concerning the privacy of your personal information:
- One organization, the NSA, whose mission it is to help protect this great country (supposedly)
- Internet social media giants, whose mission it is to make money from the information they collect from you, and who are under no obligation to protect this information.
And yet, people still freely give out information, more information than ever before, more information than the NSA could ever get and at real-time speeds, to entities who deal in collecting, trading and selling personal information. Entities who also tend to lose that information to cyber criminals.
So what’s the big deal with social media sites?
Being an active member of social media sites like Google + isn’t really a huge issue when it comes to your privacy. I mean, you’re already putting it all out there for everyone to see anyway. You just need to filter what you put out there.
There may be some cases where you don’t realize that anything you put on their sites essentially belongs to them and they can use it for whatever purposes they may deem profitable. Most commonly they would use it for targeted advertising and marketing. It’s the uncommon, unknown uses you should be worried about.
The websites are nowhere near as bad as their phone app counterparts. For example, I used to be a fan of the LinkedIn phone app. But the other day, with a new “update” that was supposedly made to fix some “bugs”, LinkedIn also added a new permission request that involved accessing your contact data (your identity) and allowing them to give anyone else your contact info.
My answer to this was, “No, you’re done LinkedIn.” I promptly removed the app from my phone.
Let’s take a look at many of today’s social media phone apps and the information you give those companies. First, here’s a comparison between some Facebook permissions versus Google + permissions:
Some apps require permissions just to operate properly. Completely understandable. However, crossing that line and pushing the permissions above and beyond is what is in scope here.
Here are some of the recent permissions we give those social media companies:
- Allow the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals.
- Allow the app to modify and save your call log (not to mention just read all your call logs).
- Allow the app to share and save your calendar data.
- Services that cost you money – Allow the app to directly call phone numbers.
- Access to recording devices (microphone and video).
- Allow the app to know your location.
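One way to check what an app update adds, as with the LinkedIn update mentioned earlier: this added example (not part of the original article) diffs the permissions declared in two versions of an app's manifest and flags the ones on the list above. It assumes Android and a decoded AndroidManifest.xml; the two manifests and the `com.example.social` package are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The article's permission descriptions mapped to Android permission names
# (assumption: the article names no platform; Android is used here).
SENSITIVE = {
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.WRITE_CALL_LOG": "modify call log",
    "android.permission.READ_CALENDAR": "read calendar",
    "android.permission.WRITE_CALENDAR": "modify calendar",
    "android.permission.CALL_PHONE": "directly call phone numbers",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
}

# Constructed sample manifests: the version before and after an update.
OLD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.social">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""
NEW = OLD.replace("</manifest>", """  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>""")

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def review_update(old_xml, new_xml):
    """Return (sensitive permissions the update adds, other added permissions)."""
    added = requested_permissions(new_xml) - requested_permissions(old_xml)
    flagged = {p: SENSITIVE[p] for p in added if p in SENSITIVE}
    return flagged, sorted(added - set(flagged))

if __name__ == "__main__":
    print(review_update(OLD, NEW))
```

Permissions the old version already held, such as the microphone in the sample, are not reported; only what the update newly requests is.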
Why does Facebook need all my phone records (call logs)? Why does Facebook need access to all my contacts? My friends would NOT appreciate that. I don’t want to sync my contacts in any way, shape or form to Facebook.
Why do they need to have access to my other accounts and be able to modify them? Why do they have the ability to record me without my permission?
There is a difference between the app performing an unattended function and the app performing a function because of user interaction. I can understand why the Facebook app wants to have hardware access to the microphone for example… because it will allow the chat portion to send voice messages you record.
My question is, what’s stopping the app from arbitrarily recording you anytime, without your knowledge or interaction? Nothing’s stopping them from reading your emails and your call logs right now, so why not record those phone calls while they are at it?
Social media apps have one goal in mind – to get you hooked, to the point where you think you can’t live without it being on your phone, and then start silently grabbing more and more of your personal information as you become more dependent.
Like a drug dealer, once they have you hooked, they have your life, and they know you will freely give them whatever they want. The same information you would never freely give to the NSA. Yet we give it to total strangers.
The NSA has it all wrong here folks. They should’ve gotten into the Internet social media game a long time ago. Imagine a Government “spying” agency behind-the-scenes running a popular social media site.
Who needs warrants or has to worry about gathering information when people would freely give away all their personal information, their locations, their phone calls, take secret videos and record their conversations in real-time….?
About the Author: Marc Quibell (@quibellm) is an IT Industry veteran having serviced people and companies for over 20 years in various capacities as an IT professional. For the past 10+ years, Marc has worked solely with IT Security. After doing some time in the Marines and a few years of odd jobs, Marc was able to focus his attention on college and then an IT career. Throughout his career, Marc has served many customers, something he loves to do, from soldiers in Fort Hood, Texas, to many years later serving the Army again in war-torn Afghanistan as an Information Assurance Security Officer and contractor. Marc is currently CISSP and CRISC certified and works at Redspin, INC., an Information Security Assessment company.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.