Thursday, October 30, 2008

The Anonymity Paradox

Scott McNealy, the former founder CEO of Sun Microsystems, once famously remarked on privacy: 'Get over it'. This was a very bold statement to make, especially for the CEO of a reputed company, but he nevertheless spoke out of his experience. It's almost ten years since that statement was made, and anyone who even barely uses the internet today wouldn't disagree much with Scott, though all of us would still want to believe in a perfect world.

As an aside, privacy and anonymity are closely linked, though there are subtle differences. Anonymity is keeping one's identity secret, while privacy can imply keeping identity plus other information secret. For the purposes of this post I will consider privacy and anonymity the same and use them interchangeably.

In my opinion, privacy and connectivity are complementary ideas, i.e. both cannot coexist. The moment you are connected to the internet, your privacy ceases to exist. I believe that this is an unfortunate but true fact and one that people often find hard to digest. But believe it or not, total privacy does not exist in a connected world. At some level, privacy is just like security, i.e. there is nothing like total privacy just as there is nothing like total security.

I can offer many reasons for this:
  • Every time we do an online transaction and give out our name, address and credit card details, we are essentially "hoping" and trusting that the website will not leak our data. Some informed users may go one step further and check if the website displays a secure logo like HackerSafe or McAfee Secure etc. Unfortunately, as detailed in this blog, it turns out that these certifications are mostly useless and can be easily sidestepped.

But name, address and credit cards are not the only definitions of identity and hence privacy. There are still many ways of inferring identity. A few of them are:
  • Almost all websites that you browse will always log your IP address, which can always reveal you or your ISP or your organization. That is, you can almost always be tracked back.
  • With the explosion of social networks and wikis, we are getting into the habit of revealing too much information about ourselves, our families, pets and everything that was once personal to us to a much wider audience. This voluntary disclosure of information is in effect resulting in very complex attacks on privacy, as witnessed in the Sarah Palin and Paris Hilton cases.
  • The notion of Googling for information has caught on so much that we inadvertently reveal "stuff" about ourselves to Google when we type in the search bar.
  • Every time we open our Gmail account and browse our emails, we also get some relevant advertisements placed alongside our emails. What this means is that there is a program out there that is parsing our emails and trying to "understand" us.
  • Websites that measure website usage statistics, such as Google Analytics, also impact privacy in some way by storing information about your visits to websites (tracked by your IP) on their servers.

All this is fine, but where is the paradox in all this?

To state it simply, my Anonymity Paradox is:
While it is difficult to maintain anonymity on the internet for the common user, the same internet offers a magical cloak of anonymity for hackers.
I was myself amazed when this realization struck me. Users find it difficult to keep their identities secret, but hackers get away with their mischief while hardly ever being tracked down. The big reason for the existence of the malicious hacking industry is this cloakability that the internet offers. Purists might argue that the law has been able to track down hackers, but I do not think they will disagree over the fact that the ratio of captures to hacking incidents is very appalling at best. Hackers typically get caught when they themselves make a stupid mistake which compromises their anonymity (for instance, see how Palin's hacker was caught).

So at one end we have people cribbing about privacy on the internet, while at the other end we have bad elements basking in the glory of the anonymous internet. To me, it looks like this is the way it is going to stay. Just like fire does not know intent and just burns whatever it is asked to burn, the internet just does what it's being asked to.

Does this all make sense?


4 comments:

Sagar Bhanagay said...

True! Makes sense.

Regarding fear in giving out credit-card details, I like the pseudo-card creation facilities provided by banks these days. (In India, HDFC provides it).
Your real credit-card is registered at their e-banking A/C. Whenever u need to do a credit-card transaction, u simply generate a new e-card for the given amount which is valid for 24 hours only. This new generated 16-digit credit card number & the 3-digit CVC2 number are different from your original one & for the particular amount only. Pretty safe, this way...

The Shaolin said...

@Anna,
An interesting point made. The same is true even in other 'living' aspects of life.
Easy to track a common man, but almost impossible to track a smart criminal.
P.S.
BTW, Anonymity is a stronger notion than Privacy.
In Privacy you know the identity of person and you do not disclose any more information.
In anonymity _nothing_ is known, identity itself is kept secret and not known.

@Saggy,
Yes, that indeed is a step forward. But it is far from foolproof, because the whole underlying security can be broken to the extent that you are revealing information to a phished site, or even man-in-middle, etc! But indeed this will keep script kiddies at bay from stealing credit card info.

Sagar Bhanagay said...

Regarding phishing, HDFC took another step towards handling it recently, which I applaud.
They made it compulsory for all their customers to choose an image (from a list of many images) & a punch-line of your choice. Login has been made a 2-step-process. U enter your customer-ID. Then the page for entering your password opens. This page carries your chosen image & punch-line. When u see these u r assured of having been connected to the 'right' website. Now u may go ahead with the password. Here too a scrambled mouse-click-enabled-keyboard is presented to get over the keystroke-logger menace. For third-party-money-transfers, they further throw 2-3 questions (up to 5) at you (which u have already answered & registered with them earlier) to ascertain your identity. Only when u answer them correctly, does the TPT proceed. And all this takes place over the HTTPS protocol. Also, all transactions are sms'd to u on your mobile. What more can banks do? :)

Strangely, I see only HDFC taking such initiatives as of now, as far as Indian banks go...
