Privacy and Security of the Internet: User’s Guide to What is Going On – Part Two

Privacy Protection From Big Brother (Google and Other Corporations)

Google wants to know whether you change your underwear every day. It’s that simple. They want to know everything about you. Part of your online security is not letting Google or others know everything about you. Why, you may ask? Because they can sell that information to employers who want to conduct background investigations, serve you targeted ads enticing you, and who knows what else. While arguably this generates revenue to improve their products and services, it can also be considered an invasion of your privacy. Individuals involved in activism or other activities (such as police informants) may have their physical security put at risk. Your information being available online may be considered high-risk.

Geo Location Sniffing

You may also notice that some websites immediately request to know your location when you visit them. Well, the truth is that websites have always been able to find your approximate geolocation using your Internet Protocol (IP) address. MaxMind offers a free IP to Geo Location database for website developers that can convert the connecting IP address to the city and even approximate latitude and longitude of your IP. This data can be important to websites so they can convert event times into your local timezone and provide users with accurate relative times. However, simply getting someone to click a link to a website can reveal their location to the website owner.

Anonymizing services (like Tor) or virtual private network (VPN) tunnels can obscure your location, but sites can also detect when you are using these proxies. This information can be relevant to a website in order to detect robots. If you are using a VPN or web proxy, you will likely have an IP address issued to and owned by a VPS provider (such as Digital Ocean or Amazon AWS) rather than an ISP (such as Bell or Comcast). This allows websites to build a better profile for robot detection and increase overall user security. Tor exit node IP lists are also available to websites, and they can easily detect if you are using Tor. However, the potential risk of using Tor is not in being detected for using Tor (which is trivial). It is the potential for a Tor exit node to attempt to downgrade your initial connection to a website to a lower encryption standard (see “SSL/TLS Downgrade” section in part one of this article), which the malicious Tor node owner can then decrypt, or to downgrade the connection to abandon encryption altogether, leaving your communication in cleartext. Tor is not an end-to-end encryption application, and Tor exit nodes have been implicated in several honeypot studies in stealing data passing through them.

Also, if your Internet Service Provider (ISP) rolls over its IP addresses between customers every so often, it makes detection of precise GPS location less reliable.
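To make the proxy and Tor detection described above concrete, here is an added example (not code from this article or from any site it mentions) of how a website might label a connecting address. The Tor exit list, the provider names and every IP range are constructed placeholders drawn from documentation-reserved address space; a real site would load published lists instead.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges). These
# stand in for a published Tor exit list and hosting-provider range lists.
TOR_EXIT_IPS = ["192.0.2.10", "192.0.2.77", "2001:db8::5"]
HOSTING_RANGES = {
    "ExampleCloud (hypothetical)": ["198.51.100.0/24", "2001:db8:100::/48"],
    "ExampleHost (hypothetical)": ["203.0.113.128/25"],
}

# Parse once at start-up so each request is only a set lookup and a short scan.
_TOR = {ipaddress.ip_address(ip) for ip in TOR_EXIT_IPS}
_NETWORKS = [
    (name, ipaddress.ip_network(cidr))
    for name, cidrs in HOSTING_RANGES.items()
    for cidr in cidrs
]


def classify(ip_text):
    """Return (label, provider) for the address a visitor connects from."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return ("invalid", None)

    # An IPv4 client can show up as an IPv4-mapped IPv6 address
    # (::ffff:a.b.c.d). Unwrap it, or it slips past every IPv4 list.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped

    if ip in _TOR:
        return ("tor-exit", None)

    for name, net in _NETWORKS:
        if ip.version == net.version and ip in net:
            return ("hosting", name)

    # Not on any list: probably an ISP customer, but the lists may be stale.
    return ("residential-or-unknown", None)


if __name__ == "__main__":
    for addr in ["192.0.2.10", "::ffff:198.51.100.7", "203.0.113.5", "bogus"]:
        print(addr, "->", classify(addr))
```

The label is only as good as the lists behind it, which is why a site would treat it as one signal for robot detection rather than as proof.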

Professional Investigations

To the average person, the term social media profiling may sound like they simply read your Facebook comments and decide that you like kittens. But in reality it can work like this: websites can use 3rd party cookies to consolidate and track you across websites. So, when you go to iwantajob.com, your browser can tell them that you have visited other websites too. Then they can add that information to a profile, use it to decide which companies they recommend your profile to, and also provide that information to companies that you apply to. Monster.ca details the reality of professional investigations very clearly on their site.

Quote from link to Monster.ca article above:
If an employer really wants to get the lowdown on you, they’ll pay for professional investigation services to conduct a background check on you. The service will probably start with a simple online search. So clean up your digital dirt at a minimum.

Info Quest, a company that delivers social media profile reports on individuals (maybe to anyone with a credit card to pay for it), makes some ambiguous statements implying that they will give you some quality dirt by warning customers (or enticing them) that they cannot legally use some of the information provided in the hiring process. (Note: the Info Quest site has been taken down, but the site’s original content is available on the WayBack Machine, archived in 2020, including a timeline of the site’s history.)

Quote from Info Quest:
Some information can be used to a hiring decision, while others cannot. Employers must remain compliant and take great care when revealing to information about a candidate’s private life.

They provide information that cannot be used in hiring decisions? I wonder how the information provided could NOT be used in the decision. Think about that for a second. Yet another company delivering personal dirt, SP Index, claims to cover more than 8 million websites. Wow, that is very wide coverage. It raises the question of what technical strategy is used to deploy such a wide information collection campaign.

Here is an academic article in the journal Ethics and Information Technology about changes in employer behaviour over the past 10 years (Cybervetting job applicants on social media: the new normal?).

Data Stitching and Online Finance

 

Other Ways to Track People Online

There are many other tools and tricks such as entering someone else’s email address into a password reset form, and reading the resulting website response. However, results may be 100% unreliable. The person you want to track might not be using the email address you think they are, and the website may return an ambiguous response to the password reset such as “If a user with this email address exists, we will send you a password reset link”.

The general practice of collecting information that is publicly available online has a name. It’s OSINT: Open Source Intelligence. So, you can see that your online security goes beyond protecting your computer from being hacked. You give information to websites every time you visit them. 3rd parties can find things out about you too. And both parties can sell that information to other people who want it. And while new online privacy laws may stipulate that a company with a website must delete all the information they have collected about you if you simply request them to do so, the reality is that this law does not force private investigation companies to do the same. In other words, you can’t simply email privateinfoforsale.com and tell them to delete all the information they have about John Smith who lives at 115 Whatever Street.

You know that hottie you don’t really know on your Facebook profile who doesn’t seem to talk much? Rogue social media profiles are another way to collect data about someone. Even though advanced privacy settings on your profile may prevent arbitrary scraping of your social media info, when you friend people you don’t know, you may be offering that information to this guy.

These are some serious things to consider when you think about privacy and the internet.

Image Search With Yandex and Google Images

[coming soon]

Here you can find social media profiles by using an image of me.
