As I attended the Keynote by Andreas Gal yesterday at the Data Transparency Lab (http://dtlconferences.org/), I realized one very disturbing fact: most of us do not value our privacy. How many of us include our date of birth in our passwords, while disclosing it readily to everyone around us (perhaps on Facebook)? How many of us use the same password for different accounts, simply because we cannot remember a large of passwords? My sincere recommendation: Use a “rule” to create passwords, then you only have to remember a rule rather than a password. For example, a rule can be that you append some characters to the name of the web service that you are signing up for with a random string and capitalize some characters: gmAiLSwati@!3496.
At some level, I feel like it’s a matter of educating people what all can go wrong in their lives if they are not careful. Google knows everything there is to possibly know about us, may I say they know our desires. They know where our cursor wandered over to, even if we didn’t click on it. When we open a website, a large number of third party websites start tracking us: they collect data about our location, about our web activity, about our credentials (you can install Ghostery on your browser to check who is tracking you, 29 websites started tracking me when I opened kayak.com). This data is then sold to various companies, such as those in advertising, that profit from this data because then they can show you ads catered to your demographics (this data is also the source of revenue for most of the web services). You may not care about ads or the clutter on these web services (which is a nuisance in themselves) but using this data these companies can dynamically price the services you want, depending on “how badly you want them”. For example, suppose my search history says I looked at parties during New Years in Delhi (they tag: traveling to India for New Years), indian dresses (they tag: possibly Indian), kayak.com (they tag: looking for flights) –> kayak.com increases the price for tickets to Delhi shown on only MY computer/ IP Address! Recommendation: Use incognito to search for airline tickets so that prices cannot be manipulated according your searches.
I feel like there should a “web course/test” before people are allowed to have an online presence, just like there is a driving test. This test should question critical things like: “should you have the same password for all accounts?” and some information about best practices: “one should use incognito for buying airline tickets”. We are entering scary times with rapid growth of web services and some precautions are becoming more necessary now than ever before.
Lê
Good point! Especially about passwords. I guess that, ideally, we should have a secret password and a kind-of-hash function that inputs our “real” password and something about the website it is used for, and output a specific password for this website… Maybe I’ll do that…
swatig
Yes!! 😀 Please do! It’s becoming a scarier world!
Even though there are people trying to make web more secure and honest about (not) collecting data, these motivations do not align well with monetary incentives. So, we have to become more aware of security concerns and start demanding services that are more responsible.