fbpx
3-5 Evaggelikis Scholis, 14231 Nea Ionia, Greece
+302108321279
+302110135659

Surveillance capitalism: Eight ways the internet is spying on you

Originally posted on fastcompany.

Let’s explore the top tools and methods used to surveil people and how leaders can protect themselves and their businesses.

Welcome to the age of surveillance capitalism. There are literally tens of thousands of organizations (data brokers, mobile app vendors, advertisers, cybercriminals, governments, law enforcement, military, et. al.) trying to collect information on you and aggregate all the information collected on you from different sources in one place, and then consume it, analyze it, or resell it.

Your personal information, the websites you go to, where you live, work and go to school, what you buy and where, who you’re affiliated with, what vehicle you drive, how fast you drive… all of that data is literally being shared between organizations across the world, and a lot of it is available for sale. Let’s explore the top tools and methods used to surveil people and how leaders can protect themselves and their businesses.

1. PUBLIC DATABASES

A lot of information open to the public can be researched by anybody using open-source intelligence (OSINT). Email addresses, telephone numbers, address information, health records, car ownership, home ownership, hobbies and interests, and even genetic data can be accessed online. Using websites like dehashed, anyone can research old passwords; sometimes hackers can use them to guess passwords or identify patterns.

Consider having your security team comb through these websites to identify any leaked information for key executives.

2. INTERNET BROWSERS

Web browsers can track people in several ways by using cookies, web beacons, browser-based applications, browsing history, and stored passwords. Even if a website claims it is not tracking you while using incognito mode, it still tracks you. Recently, Google admitted to tracking user activity even in incognito mode.

There are several privacy-focused browsers employees can use to protect their identities online. Business leaders can also consider adopting browser security platforms for greater security and privacy in their enterprise environments.

3. SOCIAL MEDIA

Social media platforms such as Facebook, X, Instagram, and LinkedIn are certainly tracking your every move—including your searches, interests, connections, friends, co-workers, and employer—and selling that data to willing buyers. If you permit these apps to access your current location, it enables GPS tracking which pings your location every second.

In case your employees use social media at work, it’s important to advocate the use of security best practices and also provide clear guidelines and policies around the use of social media.

4. MOBILE PHONES

Your cell phone is tracking your location and movements, your IP address, device ID, and more. There’s also a lot of other metadata available: contacts, call history, duration of calls, sleep time, exercise time, etc. The websites you visit, the applications you use—it’s all being tracked. There’s also something called the advertising ID or identifier that’s unique to each device. Even if phone vendors claim they “anonymize” your identity, they can still track you using this ID.

For company-owned mobile devices, consider adopting enterprise security solutions like mobile device management (MDM) to isolate business applications and work data for greater privacy and security. You might even consider deploying mobile application vetting (MAV) solutions.

5. DEVICE CAMERAS

The camera on your cell phone or your laptop can be used to spy on you. Hackers and nation-states can turn on people’s cell phones while they’re taking pictures or talking to friends. Hackers will turn on phone cameras and laptop cameras, take pictures of people when they’re visiting pornography sites, collect compromising photos, and use them to blackmail victims (a.k.a., sextortion). Home CCTV cameras are also full of vulnerabilities and can be exploited for all kinds of reasons. For example, a security glitch allowed 13,000 strangers to view each other’s home security camera footage.

Instruct your employees to use webcam covers when they are not in meetings so threat actors cannot compromise their safety or privacy. Also consider using high-quality cameras that transmit and store data in an encrypted format along with other system and network protections.

6. AUTOMOBILES

Your vehicle can be an information-collection basket: It collects GPS data through its navigation system, and your infotainment system can record what songs you listen to, what apps you’re playing, when you’re driving to and from places, how fast you drive, where you go to work, at what hours your car is parked, etc.

If your employees use company-owned cars, it’s probably time to evaluate car manufacturers based on how seriously they consider the privacy and security of their consumers.

7. SPYWARE

The most well-known spyware to date is probably Pegasus, developed by Israel’s NSO Group. Pegasus has been used to spy on thousands of businesspeople, politicians, journalists, and protesters. How does it launch? Usually with something simple, like an SMS text or a WhatsApp file attachment, that once clicked, takes over your phone.

Teach your employees to use mobile security on their phones (that can detect and block malware or spyware) and also promote the use of a virtual private network (VPN) that can mask internet traffic.

8. PUSH DEVICE TOKENS

Every phone has a push token ID. It’s a hexadecimal number used by phone carriers and applications to send you push notifications. What most people don’t realize is that spy companies and governments can send background push notifications that can be used for surveillance purposes.

WHAT BUSINESS LEADERS CAN DO

So how can businesses and individuals protect themselves from internet surveillance?

  1. Start with educating yourself, becoming aware of how you’re being surveilled and what your privacy rights are.
  2. Visit the websites and applications you use and read their privacy policies carefully.
  3. Be aware of how social engineers can use your publicly available information to design highly targeted phishing attacks.
  4. Ensure you educate not just yourself, but also your friends, families, employees, and coworkers.

In the end, you must decide what type of surveillance is acceptable, and whether the inconvenience of mitigating surveillance is worth the effort. Because there’s already too much of it.

Source: fastcompany

Related Posts