Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. - Gary Kovacs
Out of curiosity, I looked up the timeline of recent data breaches from 2020 to now. Not surprisingly, the most significant leak is from Facebook - with more than 533 million users' data leaked. Other than that, in June 2020, just one month alone:
Meanwhile, this month, the most extensive password compilation, with 8.4 billion entries of all time leaked online.
There are over 8 Billion records involved in data breaches. In short, Our data is not safe online. Unfortunately, most of us do not understand the seriousness of the problem until we are one of the victims one day.
If you cannot imagine what the number of records is meant to you, according to the 2020 Cost of a Data Breach Report by IBM Security, the total global cost of a data breach averaged $3.86 million. And the average time to identify and contain a data breach was 280 days.
While the tangible cost is enormous enough, something intangible such as reputation, client loss, productivity, and stunted business growth extend the impact well beyond the technology domain and hit at the core of business value and performance.
While there was a spike of concern after the massive Facebook leaks, years of warnings from the security industry, government and non-government organizations have ignored. Despite the turmoil over the largest tech companies, many of us are still scrolling on our favorites social media feeds while waiting for our coffee. Our lack of interest in privacy is not surprising.
In most countries, we can pay cash but instead use a credit card because of convenience and "rebate." Installing adblockers and privacy protection extensions for our browsers is easy, rather not many of us do. We are fully aware that we are being monitored by governments, digital marketers, and employers. Sadly, we do little to hinder it. Contrastly, we actively engage, sharing personal information freely on social media.
We constantly monitor the online activity of people we know and do business with. Therefore, while we do cherish privacy, we cherish other things more. At the end of the day, the value of privacy is a relative concept. When there are options of price and convenience over privacy, most of us choose the former. You may disagree, but look at the biggest tech companies, and you will finally be convinced.
While we value privacy, we do little to preserve it. This concept is called the "Privacy Paradox." It was discussed in early 2017 - during the Facebook, Cambridge Analytica data scandal. At that time, we all think things would improve, and we will live in a better world.
Please be honest, when is the last time you actually read the privacy statement before clicking "I agree"? And who shut down the Facebook accounts after the previous data breach? Unfortunately, our attitude toward privacy does not change much.
Personal data flows freely and wildly on the web; some are even given up willingly, like all the selfies of ourselves and loved ones with complete geolocation tags and background objects that can tell more than an ID card.
Social Media platforms raise our comfort level with the internet, where data sharing can be careless or reckless. People tend to think of cyberspace as an imaginary place without boundaries where the rules and standards in the physical world do not apply. However, our shifting dependencies on smart devices and social media make it impossible to stay totally anonymous. Maybe some are lazy towards privacy, but most of us are facing privacy fatigue.
It would help if you had a much larger effort to stay anonymous than being "normal." Unfortunately, that turns out to create a growing demand on your mind to prevent leaving any digital footprint. People who have no social media presence and goes to the extreme to avoid leaving the slightest digital footprint do not mean they are all good - Anonymity does pay the price.
What tech-savvy, like me, are trying to do is "Intentional Anonymity" - we choose to keep privacy close to the vest. On the other hand, inference or, more technically, privacy inference attack makes anonymity not anonymous anymore.
In 2017, Facebook's People You May Know function put Sex workers' anonymity at risk. Without sharing any personal information but only going to the exact locations simultaneously, the regular clients saw the sex worker's actual Facebook profile on the feature and vice versa.
Inferential Anonymity refers to the data that an attacker can dig up personal information about an individual by leveraging a single fact. Facebook and Google are both "famous" for using inference to build a profile for a user and the relationship with other people, whether they are a user or not.
While staying away from Facebook is a safe way to disconnect, there are still ways people can learn about you. Without social media presence might stop old flames or long-lost classmates from tracking you down, but the doesn't mean you are anonymous from large corporations or government entities.
If you're a person of interest in an investigation, searching personal details like medical records, financial records, web history, or call logs is so easy now. Even worse, in the age of data breaches with rising and more extensive privacy concerns, digital services keep everything of your digital self on record. As a result, it is more than challenging to be undetected.
Again, unless you're willing to live without internet access or smart devices, it's practically impossible to go totally off the grid. Taking Facebook as an example, there are features called "off-Facebook Activity" and "Shadow Profile" explicitly designed for people without a Facebook.
Anonymity means "without a name" in Greek. It is the idea that everyone has an identity, but under specific circumstances, we can hide the identity and work covertly. Unless you are living in a cave alone, it is as bad as leaving fingerprints everywhere as being anonymous at all times.
Even though you may do as much as you can to stay anonymous, the cost of privacy would build up. For example, imagine you are looking for jobs. HR recruiters will look for the Candidates' LinkedIn Profiles for background checks instead of calling their previous employer for verification; Those who fail to update their profiles on LinkedIn and Facebook may miss out on professional and social opportunities.
If you are still not convinced, you should understand that people without any digital footprint are, if not more, suspicious and fake. Governments also look at targets with no digital footprint as they know it takes extra efforts to hide than leaving some.
We all enjoy privacy. We like to retreat to our places, retain conversations among family and friends. We want to live our lives to be our own and determine what we want to do with them. Most legal systems acknowledge this as not only a choice but really a human right.
On the other hand, we also want to take opportunities that the outside world provides. For example, we want to build credit ratings to purchase more at a lower cost. In addition, we like merchants, online or offline, to know our preferences to provide their best services. Privacy is not something we put a lot of attention or effort into keeping, but maybe we should. Sadly, we rarely understand the value of something until it's been lost.
We do care about privacy, after all. But it is not an easy task, and the internet makes it even harder. With too many hurdles in front of us to make us privacy fatigue, we are hardly breathing in the digital world with the single purpose to stay away from the targeted ads.
If we're going to value anonymity - to secure it as a fundamental right we are entitled to - it's going to take a lot more than just individual action. It is a lot more than encryption apps you install on your phone to prevent your boss from monitoring.
Luckily, the internet does not prevent us from have some private space offline. We all need some space where our most profound dreams and fantasies are kept secret and hidden away from anyone else. Personal space gives us the room to try out different thoughts and various sides of ourselves as humans.
Thank you for reading. May InfoSec be with you🖖.
Also published behind a paywall on Medium’s subdomain.