Fishing hook

Hiding in plain sight: 8 digital security threats in everyday life

What’s more valuable to you: protecting digital privacy…or free pizza?

It turns out a startling number of people in a Stanford study chose pizza over protection. In the study, 3,108 undergraduate students were told they were joining a study on the use of Bitcoin for making payments. Students answered survey questions about their views on digital privacy to capture data on their stated preferences. 

A group of students were then offered a free pizza if they divulged the email addresses of three of their friends. The overwhelming majority of students took the cheesy pizza for the low cost of compromising someone else’s digital privacy. 

Interestingly, students who had described digital privacy as important to them were just as likely to choose pizza as the students who had no strong views about privacy. One researcher commented that people ‘are willing to relinquish private data quite easily when incentivized to do so.’ Apparently, the cheesier the incentive the better.

‘Generally, people don’t seem to be willing to take expensive actions or even very small actions to preserve their privacy,’ the study’s author stated. ‘Even though, if you ask them, they express frustration, unhappiness or dislike of losing their privacy, they tend not to make choices that correspond to those preferences.’ Add this to the list of complex paradoxes in the digital world: the deep disconnect between what we say about digital privacy and the actual choices we make. 

These days, threats to our digital privacy and security can come from practically anywhere. And some of them are hiding in plain sight. Take a look: 

1. Think you’re safe from privacy violations at work? You’ll probably want to know that one report estimates 15% of the Fortune 500 make use of secret tracking devices hidden in lights and ID badges. One surveillance vendor reports that 350 different companies are using its products to monitor “conference room usage, employee whereabouts, and ‘latency’—how long someone goes without speaking to another co-worker.”

2. The CEO of iRobot, the maker of the popular Roomba automated vacuum cleaner, caused a stir after apparently suggesting the company was seeking deals to sell data about the layout of users’ homes to third parties. The company later clarified that it didn’t have any plans to sell the data without users’ consent. The situation shines a spotlight on the ongoing tension between personal privacy and the monetary value of certain types of consumer data. 

3. Achieving the elite heights of pro sports apparently doesn’t make you immune to privacy threats. The NBA and its players’ union are in conflict over how much data can be collected and shared using wearables like fitness trackers. The player’s union is seeking control over what data is collected and how it gets used. Exactly the same legal issues and ethical considerations that are being raised as more and more employers deploy wearables to their employees. 

4. Your car is watching. Computer systems in many newer cars create records of pretty much everything you do on the road, from logging telephone calls to recording how fast you drive. The challenge for consumers is figuring out what’s being collected, and where it goes afterward. The legal situation in the U.S. is murky, with no one law covering data collection by automobiles.

5. Be careful what you say in front of Barbie. A study from University of Washington researchers demonstrates how the Internet of Toys is raising new privacy questions. In interviews with parents and children about the use of Internet-connected toys, the researchers found that children were unaware that their toys were recording their voices, and that parents worried about privacy pretty much any time the toys were out of the toy boxes. 

6. A lighthearted Facebook meme may unintentionally telegraph answers to your banking security questions. The post, called “10 Concerts I’ve Been To, One is a Lie,” asks users to share information about concerts they’ve attended. The problem is that “Name the first concert you attended” is a common security question used by banks and other financial institutions for online authentication. Phishing aside, the meme can also “telegraph information about a user’s age, musical tastes and even religious affiliation — all of which would be desirable to marketers hoping to target ads.” 

7. Usage-based insurance (UBI) is the term for insurance products that are priced according to specific usage factors. UBI auto insurance, for example, is priced on factors like how often a driver uses their car, how fast they take corners, and their average speed. University researchers were able to demonstrate that it’s possible to reveal personal data by pointing an AI algorithm at usage-based insurance data stored in the cloud. One researcher commented, ‘An attacker only needs one part of the information provided to a UBI company to discover a driver’s whereabouts, home, work, or who they met with.’

8. An audit by the Internet security nonprofit Online Trust Alliance found that 6 of the 13 “Free File Alliance” tax websites approved by the IRS provide inadequate security and privacy protection. The report states, “Criminals are increasingly penetrating IRS systems, targeting e-file service providers and harming consumers through bank account take-overs, identity theft, ransomware and compromising completed returns to redirect tax refunds.” As if April 15 wasn’t stressful enough.

All of these cases point to an important reality of the digital age: New privacy and security questions are created every time a new device is connected to the Internet. Which is why people will no longer think you’re crazy if you ask, “Is that Roomba watching me?”