Aadhaar breach: How we compromise our privacy on tech
Privacy remained a hot topic throughout 2017, and barely a week into the New Year, it looks set to become the centre of conversation yet again. The trigger, as so many times before, was the worrying news of a massive data breach affecting the secure servers of Unique Identification Authority of India (UIDAI).
According to a report in Chandigarh-based English daily, The Tribune, the entire UIDAI database containing the Aadhaar and biometric data of millions of Indians was up for sale for a paltry Rs 500.
Arguably the worst of its kind, the breach is only a part of a series of leaks that have taken place over the last couple of months and, as such, is expected to be brushed under the carpet. So, in these troubling times, when the foundations of the right to privacy over our data are being continuously eroded, and government authorities have become de-facto guardians of some of our sensitive personal data, it's important to take things into our hands and protect the data we control.
As new cases of Aadhaar data breach surface almost like clockwork and cause nationwide panic, it is prudent to take a step back and think of the larger data security risks that we often willingly expose ourselves to every single day. Popular services such as Facebook, or even innocuous games like Pokemon Go, pose a far greater threat to data privacy than the worst of Aadhaar data leaks.
Case in point: the news of Pokemon Go accessing contacts and reading emails of users that downloaded its application on their phones.
But since most in the digital world – especially in India – largely remain oblivious to the harm of the blind usage of apps and services, the news got little traction, and not much was done to safeguard the digital footprint of individuals from the malicious view of hackers and data thieves.
It is important to note here, unlike the security of Aadhaar information, the privacy of the rest of our equally sensitive personal data – passwords, location, browsing history, likes and dislikes – remains in our hands.
So what do you to safeguard your data?
Do your bit, or don't
Well, there are a number of things that you can do, and not do, to protect your personal data. For starters, always use firewall and antivirus programmes. These are a must for any device as they serve as first lines of defence against attacks such as Wannacry and Petya. Depending on your device and the operating system in place, you should have some protection pre-installed, but in case you don't, it's a good idea to spend a couple of hundred rupees a year on third-party security suites from Kaspersky or AVG.
Other tools one should always have in place are ad and pop up blockers. They improve not only your browsing experience but also your chances of unwittingly getting caught on the wrong end of a malware attack.
Use two-factor authentication and services such as Google Authenticator to improve the security of your social media profiles and the applications on your phones.
Save yourself from being tracked on the web
Now that the basics are covered, what's next are actions that usually go under the radar, which — if taken care of — can greatly improve the security of your personal data. To begin with, clear your browser's cookies. Probably the oldest method of tracking a user's web activity, cookies, in theory, are placed on a user's computer by websites to speed up the loading of the webpage.
In case of first-party cookies from trusted websites such as Amazon or even Youtube, this proves a boon, but the situation turns murky when cookies from advertisers sitting on webpage enter the scene. They can very easily track a user's digital footprint and later use the information for tempting you into clicking on a malware-infested banner displayed strategically on a webpage that you often access.
However, there's more that needs to be done if you want to ensure you are not tracked online. Extensions such as CanvasFingerprintBlock can be installed on Chrome as a defence against Fingerprinting.
The process is aided by a vulnerability in the Canvas API of the browser that can access a computer’s graphics engine. The exploit can then be used by an unwanted service to track the computer’s browsing activity.
Another useful extension, Ugly Email, can prevent the tracking of your movements within the Gmail Inbox. The extension exposes the number of emails in your inbox that are being tracked by advertisers.
However, if you want to go one step ahead, you can encrypt your email activity by using easy-to-use services such as ProtonMail. The service easily integrates with Thunderbird, Microsoft Outlook, and Apple Mail, helping protect personal emails that often store sensitive data.
Last but not the least, it's extremely important to protect yourself from the prying eyes of tech giants such as Facebook and Google. There's no denying that the two have become central to the digital way of life, but their eagle-eyed view over our digital lives can still be controlled.
To begin with, avoid logging into third party websites using Facebook or Google accounts. Next step is to head over to Account Settings and change permissions that are given to advertisers. Also, under Facebook's policy, people who have access to your profile information can take that information with them when they use third-party apps on the platform.
To prevent this from happening, visit this page.
Be aware of location-based tracking
The possibility of digital surveillance is an accepted peril of modern-day life when carrying a GPS-enabled smartphone in your pocket has become more of a need than an indulgence. Since most mobile applications today use some sort of location-based services to "improve" user experience by providing individualised service, checks and balances have been put in place to ensure that users share only what they want to, when they want to.
The trick here is to always keep this in mind, and share your location only when it's needed.
In case of Facebook, you can limit the application's ability to track your movements based on where your mobile phone location easily by heading over to the settings page. The same can be done for other apps too. It is also a good practice to keep location setting turned off when not using services that make use of location data.
There's more
Apart from safeguarding the data on your social media profiles and hiding your digital footprint, what is more important is protecting the data that you have saved on your devices.
In times when data privacy and security have become such important issues, it is prudent to keep private data saved on your devices encrypted.
On Mac, use the Disk Utility. Windows 10 Home users can download a free app such as GPG4win. There are similar applications available on iOS and Android platforms to achieve this goal. To protect your computer from hackers, users should also restrict file sharing and turn off network discovery on their Windows computers.
All these steps can go a long way in helping own your personal data just the way you were meant to.