Review
My Literature review (2016)
Mitigating Personal Information Exposure on the Web
Abstract
Tailoring webpages and applications to our needs is based ostensibly on the way we browse and use the web; relevant software is without doubt essential to ensure that our experience during this process is both fast and efficient. This efficiency is controlled by many components, such as security, type of information, and validation of information content (i.e., that it is reputable and accurate), and is especially important in the gathering of personal information. Additionally, most websites and software frequently used today provide extensive security to ensure that the information being gathered from the end-user is safe and secure on their system; these features are built-in, seamless and inconspicuous to the user. However, exposure of this information through hacking or other breaching methods, e.g. physical robbery, is still a possibility, and in some cases very likely to happen. This puts the user’s information at high risk of being leaked online or sold to criminals who intend to commit fraud with your personal details. So how are these exposures mitigated?
Firstly, Camp (1999, p249) suggests that data that is anonymous or not linked to a specific individual can be detailed and concise, but should not threaten the individual that it refers to, i.e., keeping yourself and information about you safe on the web from criminals.
However, Muftic (2016, p2) tells us that being anonymous on the web raises a threat to those less anonymous. Information theft and other crimes such as “ransoming” become difficult to prevent because of this anonymity, as the attacks are often so convoluted that it becomes difficult to trace them back to a specific person or group, who are perhaps highly organised and equally efficient in their endeavours. This could mean that if everyone was as anonymous as each other, it is likely that information exposure could be a decreasing problem, as everyone would perhaps have the same level of knowledge about other anonymous users on the web.
Personal information may only be retrieved through your actions, whether voluntary or involuntary. Social networking groups on Facebook are mainly built on the retrieval of personal information, which is mostly required to be part of that community, i.e., a process by which “trust-is-built” between users. This information exposure serves to reinforce this trust between users (Po-Ching 2016, p3302), including the facilitation and establishment of healthy relationships, both social and professional. However, it allows people within social networking groups to access this information, thereby exposing yourself to unknown dangers with unwanted repercussions that are out of your control (Lam 2014, p167).
Even though you may be responsible with your information, friends may inadvertently reveal information about you on their own profile (Po-Ching 2016, p3302). In this context, criminals are able to easily view your personal information based on the interactions you have with friends; this aspect of a web-based relationship is out of your control, and vulnerable to a breach in security.
As of 2016, Facebook alone has 1.59 billion active users (Dave Chaffey 2016). Facebook have introduced extensive security methods to ensure that your personal information remains private, as far as it is possible to do so. These include periodic changes in your password (i.e., every 90 days), not becoming friends with anyone online you do not know, restricting access to your personal profile to just your friends and not the public, and not providing your entire date of birth (Dave Chaffey 2016). Social engineering attacks can be made on banking or other accounts using this information. The most common questions that banks ask when verifying users are “What is your mother's maiden name?” and “What was your first pet's name?”. These small snippets of information could be displayed inadvertently on your profile, perhaps by yourself or by friends and family (Gallant 2011).
Cassim (2015, p79) tells us that the companies that retrieve information from users must be registered with an Information Protection Regulator, and have an Information Protection Officer to ensure that the data that is processed and collected, after consent from the user, complies with the relevant data protection act. These regulations, if followed properly, could prevent the exposure of information.
It is clear that information within large corporations must be kept safe in case of information hacks and leaks. In 2014 Yahoo was hacked and 500 million accounts were compromised, which included unwarranted access to usernames, emails, hashed passwords and encrypted security questions (Kif Leswing 2016). This was potentially due to a state-sponsored actor who was able to compromise security questions by the simple retrieval of maiden and pet names, memorable dates, etc. (Tim Bradshaw 2016). Yahoo have since launched a program to mitigate these exposures and breaches. Since this program's inception, 10,000 users have been notified that they were targeted. Yahoo have asked users to “consider using a simple authentication tool that eliminates the need to use a password altogether” (Kif Leswing 2016); this approach would seem to be successful, for the moment.
Conclusion
A recurring theme when discussing information exposure is that the information you provide is only as safe as you want it to be. Data that is entered anonymously by a user into any online form can never be tracked back by criminals, and could therefore be rendered useless. It is up to the user to make sure that they are cautious about what they input, and where they input data on the web. It has become apparent that even if users don’t realise they have disclosed any information, they could well be giving criminals the right information they need to breach their personal data, and are therefore unknowingly exposed to theft.
References
Camp, L. J. (1999). Web Security and Privacy: An American Perspective. Information Society, 15(4), 249-256. doi:10.1080/019722499128411
Muftic, S., bin Abdullah, N., & Kounelis, I. (2016). Business Information Exchange System with Security, Privacy, and Anonymity. Journal Of Electrical & Computer Engineering, 1-10. doi:10.1155/2016/7093642
Cassim, F. (2015). PROTECTING PERSONAL INFORMATION IN THE ERA OF IDENTITY THEFT: JUST HOW SAFE IS OUR PERSONAL INFORMATION FROM IDENTITY THIEVES?. Potchefstroom Electronic Law Journal, 18(2), 69-110.
Kif Leswing (2016). Yahoo Confirms Major Breach - and it could be the largest hack of all time. Retrieved from http://uk.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?r=US&IR=T
Po-Ching, L., & Pei-Ying, L. (2016). Unintentional and Involuntary Personal Information Leakage on Facebook from User Interactions. KSII Transactions On Internet & Information Systems, 10(7), 3301-3318. doi:10.3837/tiis.2016.07.024
Lam, F, Chen, K. T. and Chen, L. J. (2008). Involuntary Information Leakage in Social Network Services. Advances in Information and Computer Security, Chapter 10. doi:10.1007/978-3-540-89598-5_11
Dave Chaffey (2016). Global social media research summary 2016. Retrieved from http://www.smartinsights.com/social-media-marketing/social-media-strategy/new-global-socialmedia-research/
Gallant, D. T. (2011). Protecting Personal Information on Social Networking Sites. School Business Affairs, 77(1), 13-14.
Tim Bradshaw, Madhumita Murgia and Adam Samson (2016). ‘State-sponsored actor’ stole data from 500m Yahoo users. Retrieved from https://www.ft.com/content/0ebde3b4-80fb-11e6-8e50-8ec15fb462f4
Feedback
Grade: 68/100 (68%)
Graded by: Rich Boakes
Graded on: Thursday, 22nd December 2016