Cybersecurity in networks Cybersecurity

What Information Have You Left on Internet?

24/03/22 9 min. read

Is the trail we leave behind us on the internet irrelevant? We often tend to think: “I’m just a nobody”, “who’s going to be interested in spying on someone like me?” However, we are making a grave mistake because in doing so we underestimate the value and the amount of information we generate

Our smartphone is the clearest example: we carry it with us all the time and it is constantly transmitting and receiving signals to and from adjacent antennas, communicating its position like an indiscreet beacon, and constantly exchanging data.      

Privacidad en Redes Sociales
More than 10,000 smartphones tracked in Central Park. ONE NATION, TRACKED. The New York Times. 

What information do we actually generate? 

There are two ways in which we generate information. The first is where we publish the information without even knowing it, that is, unintentionally.    

Computers, smartphones, and all our connected devices share our location, browser, operating system, language, financial information, age, and even sensitive personal data concerning our health, gender or religion.   

When we surf the internet, we are continuously being tracked (web tracking). Even without authenticating ourselves or entering any data manually, websites are able to identify us as a unique profile using numerous different techniques: they identify our browsers and cookies, trace our IP addresses, record our Bluetooth connections and push notifications, measure the performance of our devices, load web beacons (e.g. Facebook Pixel) and even transparent canvases to identify us.

The main data privacy laws (GDPR, ePrivacy Directive, CCPA) only allow users to be tracked if strict consent and data protection obligations are fully complied with. But still, even unwittingly, we are all subject to digital surveillance.  

This brings us to the second way you can engrave your name on that unique and (at least supposedly) anonymous profile resulting from web tracking: when we intentionally publish information … and sometimes publish more than we ought to. Social networking sites are the best example of this. As Aristotle said, “human beings are social beings by nature.” Today, 45% of the world’s population is connected to some kind of social network, totaling more than 3.5 billion people.    

Such a large number of users generate almost infinite relationships between them, and specialised processes such as Social Network Analysis (SNA) investigate their patterns to examine the social structures and interdependencies of individuals and groups. 

Privacidad en Redes Sociales
Example SNA graph made with the open source tool SocNetV 

All this information generates our digital footprint 

All this information we communicate, whether intentionally or unintentionally, is used to generate our digital footprint. Big Data is a means of organizing all this data and creating digital footprints of larger groups. These profiles are of great interest to companies and all kinds of organizations and can even be bought and sold, sometimes without the data subject’s knowledge.

For example, the Finnish company Supercell made $8 billion over the last few years from the games Clash of Clans and Clash Royale. In 2016, it was acquired by the Chinese company Tencent.  

You might think: “What does it matter if they create a buyer profile for me, it’s just to show me more targeted ads and try to get me to consume more products.” It’s not that simple: there are more than a thousand ways to be in the wrong place at the wrong time. Just look at the number of news stories of people who for various reasons have ended up in jail (or worse) simply because of some comment or interaction on Facebook, Twitter or any other social networking site.

Privacidad en Redes Sociales
Levi Charles was arrested when he ‘liked’ his search warrant on Facebook 

Another of the most talked-about examples in recent years is the case of Cambridge Analytica, the company that exploited the private information of more than 50 million Facebook users to influence the 2016 U.S. presidential election.

In short, information is power, and in the wrong hands, it can be very dangerous.  

Therefore, we recommend you always be careful not to disclose any personal data that could be susceptible to a social engineering attack. When you post something on the internet, think beforehand about whether it may have any unintended repercussions or consequences. 

How to protect yourself on social media

The reality is that we cannot fully control our privacy on social media. Once we have assumed this, the next step is to take all measures within our power to improve the security of our profiles.   

Nine essential tips to increase your safety. 

1. First and foremost, use your common sense:  

When creating a new account, only provide information that is strictly necessary to use the platform. Think of all the sites that are breached, exposing the data of their users. Never provide additional sensitive data such as bank account information, nearby places, political affiliation, etc. Likewise, before posting a publication think first and make sure you are not exposing sensitive information.     

2. A good password is more beneficial than you might think:  

It is of vital importance to choose a strong and secure password that is not derived from your personal details (e.g. birthday). But not only that, remember to change it frequently and not to reuse it on other sites or social networks. Whenever available, use a second authentication factor such as a temporary code (TOTP) sent via SMS to your smartphone or a code obtained through an application such as Google Authenticator or similar. 

3. Beware of accessing from untrustworthy devices:  

This is fairly obvious. Accessing your social media from a public or shared computer and/or through an untrusted Wi-Fi network is never a good idea.  

4. The photos and videos you post sometimes say more than they should:  

They say a picture is often worth a thousand words and that is precisely the case when you upload any audiovisual content. Look over it closely first because you could be revealing more information than you want to.  

Privacidad en Redes Sociales
 Photo from the Hawaii emergency agency showing a password on a post-it note. Source La Vanguardia 

Timing is also important. For example, a public photo of your holiday at the beach may be valuable information for someone telling them your home is empty.     

5. Know what you are getting into (literally):  

It may seem obvious, but we often venture into a social networking site without fully understanding how it works. Review the settings and all the available options, make sure you know when posting your first message who will be able to see it before it is too late, and bear in mind what many people say: anything uploaded to cyberspace never disappears completely.

6. Try to only have contacts that you actually know (and if not…at least ‘stalk’ them first) :  

Remember that there is no obligation to accept a ‘friend’ or ‘follower’ request on any social networking site, especially from those we do not know. If you do, do a little research (stalk) the person beforehand and figure out from their timeline who they are, what they do, and what kind of content they share. 

7. Who do you want to know about your location?  

If it is not strictly necessary due to the nature of the application, do not give permission to access your location. If it is necessary to grant permission at any given moment and you do so, remember to remove it again when you are done. That way you will avoid giving away clues about the places you frequently visit.  

8. Read (and understand) the Privacy Terms:  

Pay attention to how your information is processed. We usually click the button to accept the terms of use of an app immediately, thereby agreeing to share our information when we register on the platform. But do you know exactly what information or how it will be processed? Pay special attention to what content can be shared with a third party and whether you can permanently remove it from the website. Many sites also offer the possibility of changing some of the settings, so it is up to us to have a look at the list and disable certain options available to minimize the exposure of our information.  

9. Go over all these tips and the available settings on a regular basis: 

Using secure browsers, regularly clearing your search history and cookies and periodically reviewing your privacy settings and changes in terms and conditions, etc. is a constant task.  Always stay alert and keep adding good practices to your routine. 

Privacidad en Redes Sociales

These are what we consider to be the main recommendations, but they are not the only ones.  This post is not intended as an exhaustive technical guide on how to protect your data on social media; it is simply a way of raising your awareness and calling on you to be responsible in order to protect your privacy as much as possible.  

Santander Global T&O is a global company of Santander Group with more than 3,000 employees and based in Madrid, we work to make Santander an open platform for financial services.

Check out the positions we have open here to join this great team and Be Tech! with Santander.

Follow us on LinkedIn and Instagram.

vicente motos

Vicente Motos

Santander Global T&O

Currently working in the Santander Threat Response department focused on tactical intelligence, threat analysis and engineering. Self-taught and passionate about computer in-security and hacking for many years, I actively participate in the community and author of many technical posts.

 

👉 My LinkedIn profile

 

Other posts