Updated: Jan 25, 2022
// What separates them? Which is more important?...
Hey Hackers! Today I wanted to discuss the importance of privacy and security. These two topics are the fundamental ideals of the ethical hacking & cybersecurity world. However, one is often prioritized over the other. Why is that? Why can't there be a balance between the two? Well, there can be, there will be. A company where privacy and security are equal, welcome to Cosmodium CyberSecurity!
“People shouldn't be afraid of their government. Governments should be afraid of their people.” - Alan Moore, V for Vendetta
//What is Privacy?
Privacy is our right to keep our information private and out of the view of others. Our private information should never be breached unless there is some sort of "social contract" in place. Typically, a social contract is an agreement between a government and its people. In this agreement, the people give up certain freedoms for governmental protection, order, and services.
An example of a social contract is how students may lose their freedom of speech [having to raise your hand to ask questions] in order to go to school and obtain an education. It's a bad example but should give you some context.
But when I say "social contract" I'm referring to how you will give up certain privacies for certain securities or services. When you check the "Terms and Conditions", you are accepting a social contract of sorts. When you are making an account for a password manager, you are allowing that service to have access to your passwords. In exchange, they provide security services for all your accounts. This I would consider being a good social contract, an even trade of privacy and security without being too privacy-invasive.
A problem arises with these so-called "Social Contracts". When you check those Terms and Conditions, you are subjecting yourself to privacy invasion. Privacy invasion is the process where certain services you may be subscribed to collect and sell your data to third parties. This collected data is typically used for marketing, advertising, and statistics. However, this collected data is often used to generate a profile off of you. This data collection can often hit certain eye-raising extremities. Like how Target's product suggesting system was able to determine a woman was pregnant simply off of her recent shopping history. Target's algorithm continuously recommended her different strollers, diapers, and infant products. This doesn't sound too bad until you learn that Target was able to determine that she was pregnant before her own father knew.
Another concerning proposition about data collection is how vulnerable these third parties may be. If a hacker were to obtain unauthorized access to a third-party data collection system, they would [hypothetically] have access to thousands of complete advertising profiles. This would include information like your name, DOB, shopping habits, age, location, and more. The worst part about this is that you can't really control it. Do you ever wonder why companies like Google or Facebook make so much money on free products? By selling your data! Now, this is where security comes in.
//What is Security?
Security is what protects your private information. It is what is actively trying to prevent external forces from coming in and collecting, stealing, or selling your data. These external forces may range from hackers to data collection systems. Security is also meant to protect you and keep you safe online. Security prevents unauthorized users from gaining access to your internet life. We rely on security as our first line of defense on the internet.
But we can also be our own line of defense. By using stronger passwords we can prevent hackers from easily decrypting our credentials. By not using public wifi hotspots, we can prevent hackers from monitoring our traffic. By using different passwords on different accounts, we can prevent hackers from hacking one account to then gain access to multiple accounts. Please, be safe online!
//The Problem in Security:
It is ok to rely on an internet security service, the problem lies when that security service is no better than the data collection systems that it is "protecting you from". Most free and some subscribable VPN [Virtual Private Nertwork] services may collect your data. This is a common reason why people use TOR [The Onion Router] as means to privacy and security. TOR is a browser that makes all of its users look virtually identical. This makes it difficult to be singled out based on your device information. TOR has a multilayered encryption process, hence, The Onion Router. TOR has no data collection and truly provides a sense of true privacy and security.
Another problem in security systems is the ecosystem. An ecosystem [in the tech world] is a closed network or system that allows for user ease of access. Trying to access information within this closed system is often tedious or requires a third-party system. For example, Apple. Apple is one of the most famous companies for its ecosystem. Let's say you have an iPhone. You wish to transfer some photos to your laptop. In Apple's ecosystem, your photos are synced across devices. Your Macbook, iPhone, and iPad are always being updated with your most recent photos. This provides users with ease of access. You don't need to transfer photos that are already there. But if you have a Windows-based laptop [a device not part of Apple's ecosystem] it's a lot more challenging to transfer your photos. You'll either manually plug in your phone or rely on third-party software [Google Photos, email services, etc] to transfer the photos.
A problem occurs when an ecosystem is breached and an unauthorized user obtains access. Then they could easily remove your access and own your ecosystem. Like if you use a password manager like LastPass or Dashlane. If an unauthorized user were to gain access to your password managing service, they would be able to control or use any account listed within it. Although this type of attack nearly impossible [due to most password managing services being highly encrypted and protected], it is still good to consider not completely relying on certain security services.
//Which is more important?
At the end of the day, it really comes down to the social contract I brought up earlier. How much is the privacy security ratio worth to you? Are you willing to lose certain privacy's to have access to a certain product? With something like YouTube [that requires a Gmail accounT] I am willing to deal with that collection of data in order to post my content to you guys. A way I can protect myself is to use certain emails for certain online services. This idea was proposed by fellow YouTuber “The Hated One”. His video is displayed below:
Anyway, I hope you were able to gain a better understanding of the differences between privacy and security. Hopefully, you are now better able to prioritize them in your life and day to day applications. Make sure to leave a like on this article, and I’ll see y’all soon! Thanks for reading, and as always,
© 2021 by Cosmodium CyberSecurity LLC