Facebook leaks, privacy peaks, and cookie tweaks

Online privacy is a big deal.

It looks like we’re getting serious about online privacy in 2021. Think about all the information you give out online (directly and indirectly) while using ‘free’ services… well, actually, you’re paying for these with your data. Data is a super valuable digital currency these days. The big players like Facebook & Google collect data from their users while on their networks, and sell this to third parties in the form of targeted advertising.

Sure, probably most people don’t mind this tracking. On the positive side it results in more relevant ads. But what happens when users’ data is handled badly? Or when the way data is collected changes?

We’re looking at the recent Facebook data leak, before examining the upcoming termination of third-party cookies, and finishing off with Apple’s new privacy settings.

Facebook data leak 2021

What happened?

Facebook users’ data was dumped online on Saturday 3rd April 2021. Information about over 500 million users was compromised, including names, birth dates, phone numbers, and locations. This data was posted (for free) in a hacking forum.

How did the Facebook leak happen?

Twitter user Alon Gal (@UnderTheBreach) claimed that a vulnerability exposing the phone numbers linked to Facebook accounts was exploited, producing the database of personal information. The leak comes from a known issue from 2019, which Facebook claims has since been fixed. Hackers used software to exploit a vulnerability in Facebook’s search function, crawling the search results that directly identified users through their phone numbers.

This has happened before – infamous data science enterprise Cambridge Analytica had scraped data from 80 million Facebook users in order to target them with political ads for the 2016 US Presidential election.
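From the defending side, crawling of a phone-number search shows up in logs as one client looking up far more distinct numbers than any real user would. The sketch below is an added example, not Facebook's code or logging: the log format, client ids, phone numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines: '<ISO time> client=<id> lookup=<phone>'."""
    t0 = datetime(2021, 1, 1, 12, 0, 0)
    lines = []
    # Ordinary user: the same two contacts, looked up a few times.
    for i in range(6):
        phone = "+1555010000%d" % (i % 2)
        ts = (t0 + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} client=u1 lookup={phone}")
    # Crawler: a new sequential number every two seconds.
    for i in range(40):
        phone = "+15550101%03d" % i
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} client=c9 lookup={phone}")
    return sorted(lines)  # ISO timestamps sort chronologically

def flag_enumerators(lines, window=timedelta(minutes=5), max_distinct=10):
    """Return clients that looked up more than max_distinct different
    phone numbers inside any sliding window of the given length."""
    recent = defaultdict(deque)  # client -> (time, phone) pairs in window
    flagged = set()
    for line in lines:
        ts_text, client_kv, lookup_kv = line.split()
        ts = datetime.fromisoformat(ts_text)
        client = client_kv.split("=", 1)[1]
        phone = lookup_kv.split("=", 1)[1]
        q = recent[client]
        q.append((ts, phone))
        # Drop lookups that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) > max_distinct:
            flagged.add(client)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_enumerators(build_sample_log()))
```

Counting distinct numbers rather than total requests keeps a user who repeatedly opens the same few contacts below the threshold.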

Breach of trust

When a user submits their personal data on a platform, they expect a basic level of protection against its theft. When you deposit money in a bank, you expect the bank to take steps to protect itself from theft. However, it seems Facebook did not act soon enough to correct this security flaw.

Has my information been stolen?

You can check for yourself on this website owned and maintained by security analyst Troy Hunt, who has been monitoring security breaches for around a decade. However, keep in mind that this site doesn’t track security breaches linked to phone numbers – which is a big part of the Facebook security failure.

This website, created by a Dutch man living in Malta, will allow you to see if your data has been compromised through your phone number.

What could happen with the compromised data?

The big problem for users whose data has been compromised is the information linked to their identity. The combination of location, phone number, email and its connection to a name is an attractive hook to those with bad intentions. Hackers and cyber criminals can use this identity information in phishing scams and identity theft.

Now what?

There’s nothing that can be done about this breach now, as the information is already out there. However, here are some security recommendations for everyone.

Security recommendations

  • Think twice about the information you provide to platforms.
  • Perform regular security checks.
  • Make sure you have a strong password – don’t use common options like password1234 as these are easily guessed by bots.
  • Ideally turn on two-factor authentication.

Goodbye, third-party cookies

Third-party cookies are trackers – they are not created by the user or the website they are visiting, but by others, usually retargeting or analytics tracking services. There are other kinds of cookies, first-party cookies, which are created by a website when visited by a user. They usually remember information about the user and their behaviour.
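To make the distinction concrete, this added example (not from the original article) classifies the cookies set during one page load and shows which ones a browser that refuses third-party cookies would keep. The URLs and cookie values are constructed, and `site_of` assumes the site is the last two labels of the host name, whereas real browsers use the Public Suffix List.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed page load: (URL of the response, its Set-Cookie header).
PAGE = "https://shop.example/checkout"
RESPONSES = [
    ("https://shop.example/checkout",
     "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("https://cdn.shop.example/app.js",
     "prefs=dark; Domain=shop.example; Path=/"),
    ("https://ads.tracker.example/pixel.gif",
     "uid=u-778; Path=/; Secure; SameSite=None"),
    ("https://stats.analytics.example/collect",
     "vid=v-42; Max-Age=31536000; Secure; SameSite=None"),
]

def site_of(host):
    """Simplified 'site': the last two labels of the host name."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(page_url, responses):
    """Return (cookie name, setting host, party) for every cookie set."""
    page_site = site_of(urlsplit(page_url).hostname)
    found = []
    for resp_url, header in responses:
        host = urlsplit(resp_url).hostname
        # A cookie is third-party when the host that sets it belongs to
        # a different site than the page shown in the address bar.
        party = "first-party" if site_of(host) == page_site else "third-party"
        jar = SimpleCookie()
        jar.load(header)
        for name in jar:
            found.append((name, host, party))
    return found

def kept_cookies(page_url, responses, block_third_party=True):
    """Names of the cookies stored under the given blocking policy."""
    return [name for name, _, party in classify(page_url, responses)
            if not (block_third_party and party == "third-party")]

if __name__ == "__main__":
    for row in classify(PAGE, RESPONSES):
        print(row)
    print(kept_cookies(PAGE, RESPONSES))
```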

Firefox and Safari browsers no longer accept third-party cookies, and Chrome too is phasing them out. This is not the end of tracking, but a shift towards true end-user consent.

Instead, Google is implementing its Privacy Sandbox – a cookie-free browsing situation, which still caters for targeted ads. This will be based on a machine learning model, in a federated learning system – anonymising data for AI processing. It’s kind of like an imp that lives in your device and passes information up the chain to higher level elves in the cloud that determine ad serving. The main difference is that your data remains on your device.

Apple vs Facebook

Facebook and Apple have been at odds lately over privacy and tracking issues. Apple products Safari and iOS come with Intelligent Tracking Prevention (ITP). ITP 2.0 isolates first-party cookies – stopping them from being used as third-party cookies and effectively putting a halt to analytics and tracking. Critics think this is too strict and that it undermines the internet’s current business model.

Got a project in mind? The team behind Norr and Echo are digital specialists with the industry know-how to implement security and privacy features in your digital project. Speak to us at Norr and Echo to get started!