Privacy and the IoT

Privacy is defined many different ways, but however you define it, when it comes to how corporations use data your privacy becomes very important. What companies do with your data may at times seem like an invasion of your privacy, but in these cases, privacy has well-defined limitations in the eyes of the law. Will the Internet of Things (IoT) change the definition of privacy in the context of computing? Let us consider Google’s purchase of Nest. What could it have gained by this, other than to have one more IoT device within its family of products?

Google is an Internet marketing company. That is how it makes its money. If you do anything within the search industry, your goal is to get people to click on the paid listings scattered about web pages. Those paid listings are either at the top, sides, or bottom of a page, or show up as underlined “adwords” within the body text you read in your browser. Google’s goal is to make money off of every click from those advertisements. Secondarily, they are there to show you search results about the particular region of the world related to your query, and yes, a query in Texas returns different results than one in Massachusetts. To employ this type of targeted advertisement takes knowing how people use their browsers.

Google and other leading search companies maintain your privacy by using a unique ID that identifies your browser. This unique ID is unique even behind a NAT device, as the IP is just a part of the unique ID. Nevertheless, your query habits could provide enough information to identify you.

Google does not know your address unless you include it in a query or within Gmail, Google Drive, or any number of other tools Google provides. Its goal is to deliver increasingly targeted advertisements. The more information you provide it, the better it becomes at targeting its ads. Google uses massive big data farms to translate into advertisements the data it has garnered via your unique ID and data. It also ties all your unique IDs together under one of your logins. If that login happens to be your name, then they also have your name. These are just two examples of information that can identify a person within all that data.

Now enter the Internet of Things (IoT)—things ranging from your thermostat (Nest) to your car (Bing), your refrigerator, your alarm system, and of course, your smart device. Any of these devices could be communicating with a search engine, giving it data to help it convince you to click on one of its paid listings so that it can make money. So, how do you protect yourself? First, you could give up using search engines and stop using online services of any type. But that becomes a losing battle in these days of hyper-connectivity. You could instead use devices that do not need an account within a family of search engine products. Instead, spread your accounts out. Be aware, however, that when you have an account on a device like a Nest, and the company gets bought by a search engine, such as Google, your past data will eventually be pulled into its pool to help it attempt to sell you something. After all, its goal is to make money off your Internet activities and searches by feeding you even more-targeted ads. I saw a Twitter comment yesterday about Google starting to offer ads for sweaters when a Nest says a house is a bit on the chilly side. This is not far from the truth; eventually, I expect exactly that to happen. The future will be interesting:

  • Your refrigerator warns you that milk is low, so ads for the grocery delivery service Peapod and other shopping services show up in your browser.
  • Your Nest shows it is colder, so ads from sweater and warm-weather clothing providers, HVAC firms, and other companies dealing with heat appear in your browser.
  • Your car notices that you travel to particular locations frequently, so coupons for restaurants and stores in those areas start to pop up.
  • Your mail indicates that you often communicate with people in other states or countries, so discount plane ticket advertisements begin to appear.
  • Your scale determines that you are trying to lose weight or that your weight goal has been reached, so smaller-sized clothing, supplements, and diet advertisements start turning up in your browser.

The list of ways search engines can target you is really endless. But since they do not actually know your home address, phone number, or name in a specific sense, they skate underneath privacy laws. Nevertheless, if they were to be hacked, then that wealth of information would become the hacker’s wealth of information.

So, what do we need from Google and other search engines?

Search engines need to remove personal information in any form from their big data pools. They should perhaps use generalized tokens, and they should generate new advancements that will better protect our privacy. Search engines should be part of teams committed to increasing consumer privacy protection.

Once again, how can you protect yourself? If you are not comfortable with your information being used for targeting ads, then do not buy a product online, do not use it, and do not create an account with its company. After all, the Internet of Things starts with what you use. If you are worried about your privacy, here are some steps that could help:

  • Never place anything in email that you do not want others to know, such as addresses, phone numbers, etc., unless you can encrypt such emails. Barracuda’s spam and virus firewalls have the ability to encrypt mail as it goes out. Granted, to retrieve the email you have to log in to Barracuda’s cloud service, which presents using SSL and logins as well as keys within the actual message sent.
  • Use a private instance of ownCloud for addresses, calendars, etc.
  • Never allow your IoT devices to send data outside of your own network. It is fairly easy to block access from your device to the cloud, but you can do better than that: you can actually intercept and provide the same capability, also using your own network. Granted, it may not be as robust, but it will allow you to trend and see graphs, etc. Setting this up is contingent on either your coding skills or on the skills of others.
  • Use multiple browsers from multiple locations to keep each part of your online identity distinct. The unique IDs are generally by browser, not necessarily by computer, although with virtualization technology you can change them to be by computer. Employ one browser for internal use. With VMware Fusion, VMware Workstation, VirtualBox, or other tools, you can set up additional browsers for other specific access points: perhaps just one for Gmail (no searching) and another for searching via a second-tier search provider.

Effectively, the end goal is to keep your data out of the hands of the big search companies and instead to control your data for your own use with little or no loss of functionality.

What do you do to protect your identity? No one else will protect it for you.

New layer…
Posted in SDDC & Hybrid Cloud, SecurityTagged , , , , ,