Most people have no idea that their personal information is being leaked all over the place when they use the Internet. If your initial reaction is that you don’t care because you have nothing to hide, it’s time to re-evaluate that position. Someone who gets possession of your personal information can ruin your reputation and steal your identity. If you don’t want to live through that nightmare, you need to take steps to avoid it. More is leaking than you know and and more can be done with it than you think.
It’s not just criminals that should be a concern. For example, Verizon engages in some questionable practices and is far from alone.
Do you have “block third party cookies” turned on in you browser? If not, turn it on! Are you using a browser not capable of that? Stop using it!
It should be abundantly clear by now that it’s not a good idea to blindly trust the security provided by most companies. It seems that every week there are revelations about a new security breach, costing the loss of personal information from thousands and sometimes millions of people.
Bigness does not in any way imply a company is on top of security. It’s more likely to mean the opposite because as size increases, security becomes more complex. Neither is it reasonable to assume that companies which would suffer huge losses from a security breach are on top of it. It’s a moving target and staying on top if it is difficult.
Some months ago I tested the banking online pages at my bank. They got an F. This is one of the largest banks in the United States and they got an F. When I called them, they arrogantly and vehemently denied any problem. 3 days later I tested them again and they got an A. Obviously, someone had to wake them up.
Testing sites you use which need to be secure can be done at: SSL Labs. You will be surprised at the vulnerabilities in common sites. Try www.walmart.com at that site.
The things to think about are:
- Authentication – Is who I am talking to the same as who I think I am talking to? This was the problem at my bank. The site was open to impersonation with a vulnerability called cross site scripting.
- Data Integrity – Is what I am seeing correct? Has it been tampered with? When I submit information in a form, is the same information being recorded at the other end?
- Encryption – Can anyone eavesdrop on the conversation?
This is expanded upon in a video from Google:
One big take way from that is that the problem is not the leakage of specific information. It’s the leakage of patterns of behavior. That may seem ephemeral, but coupled with tiny bits of specific information it can turn you into a ripe target. As the general public becomes more aware, preference for sites using https is increasing. This is a good thing.
Last August, Google announced that sites using encryption would get a boost in search rankings in a blog post titled HTTPS as a Ranking Signal. Anyone running a web site should be running a secured site. The tiny expense is well worth the benefits.