The days are getting longer, winter is drawing to a close, and it’s beginning to feel like spring. As you make your spring cleaning “to-do” list, have you given any thought to how you could better protect your privacy?
We are regularly told to block or ‘clear our cookies’, or use a private browsing mode, if we don’t want to be tracked as we visit websites. Website operators and marketing, advertising, and other tracking companies, however, have developed other ways of tracking us, called ‘fingerprinting’, which work even if you clear or block your cookies. How prevalent is this kind of cookieless tracking? How accurate is it? And what are the implications for our ability to control our personal information and protect our privacy interests?
Facial recognition technologies can quickly identify who you are by automatically analyzing your facial features. The characteristics of your face (your biometric information) may be collected when you apply for an identity document like a passport, when you get your photo taken for an employee badge, or when you upload photos online to social media websites.
The way we interact with our digital devices has evolved over time: from specific commands in command line interfaces, to graphical user interfaces (GUIs), to touch-based interfaces. Virtual assistants (VAs) are the next step in this evolution, and they present new privacy challenges. These assistants, such as Siri (Apple), Alexa (Amazon), Cortana (Microsoft), or simply ‘Google’, are designed to respond to your spoken or written commands and take some action. Such commands let you place phone calls, order a car service, book a calendar appointment, play music or buy goods.
Virtual Private Networks (VPNs) let you establish a secure communications channel between your computing device and a server. After connecting to the server, you could gain access to a private network that has work files or applications, or use the server as a relay point to then access Internet content when browsing from a public network.
Traditionally, we have logged into online systems using a username and password. These credentials are often being compromised, however, when databases containing them are breached or we are tricked into providing the information to fraudulent individuals or websites (often through phishing or other social engineering attacks). Once these credentials are compromised, attackers can use them to log into the associated online services. Even worse, because people often reuse their usernames and passwords, the attackers can access multiple services.
Canadians’ mobile devices are filled with applications that collect personal information, including identifiers that are engrained into different parts of the devices. But what exactly are these identifiers, and how are they used?
Ransomware is a type of malicious software (malware) which, when installed on a device or system, prevents access to that device, or that device’s content or applications. Once installed and operational, the malware prompts you to pay a ransom to restore full functionality to the device. Personal or sensitive data have been targeted with ransomware, or accessed when attackers were rifling through organizational computers or networks. In fact ransomware has affected a range of devices, including those running Windows, OS X, and Android, and has affected healthcare providers, police services, public schools, universities, and various types of businesses, in addition to individual consumer users. It’s an increasingly prevalent issue, with Symantec estimating that Canadians were affected by over 1,600 ransomware attacks a day in 2015.