What can your grocery list tell hackers about you?
One recent social media phenomenon that straddles the line between funny and creepy is how various companies use their accounts. Whoever runs their Twitter, for instance, will generally tweet in the first person, as if the business is a person. Sometimes two or more profiles will even engage in some fashion with each other, like sparring sports mascots.
I mention this to highlight just how much effort companies today make to present a “human” face to the public. And as Vox points out, many people indeed find themselves in “unhealthy relationships” with these companies. Despite a new survey from the Consumers International and the Internet Society, which reveals 63% aren’t crazy about smart devices and 75% disapproving of their data sharing practices, it can feel like these commercial presences are an inextricable part of our daily lives, digital and otherwise. That goes almost equally for those doubters. The cognitive dissonance of their reservations about security while continuing to surround themselves with insecure devices, to immerse themselves in the Internet of Things, is nothing to wonder at.
According to some of the experts Vox consulted, ignorance is one candidate cause. It is often vague and ambiguous at best what data your connected devices are collecting: what sort of behavioral portrait they’re painting of you. Even the most seemingly innocuous of information—like a smart refrigerator detected what type of items you keep inside—can be combined with other morsels to create a clearer picture of a person. For a hacker, one compromised fridge could be enough to glean whether you were a vegetarian, how much you spend on food and how frequently, and perhaps whether you have kids.
We have touched on this before, where it pertains to children’s identities. Cyber criminals can patch together all the disparate, mundane data to forge a “synthetic identity,” essentially using minors to commit various types of fraud. Often, the children or their parents won’t even realize this until years after the fact. Of course, short of a successful lawsuit, they will most likely be left to deal with the damages. Not the company whose insecure product was responsible for letting the data be stolen.
Another inescapable cause, however, is that the benefits gained from this information gathering—convenience, personalization—outweighs the risks to privacy. As long as consumers continue with this perception, the situation will hold. It remains the responsibility of companies to ensure these treasure troves of data stay safe, to incorporate security into their part of the bargain with their customers. It’s the only way to keep the relationship from becoming a toxic one.