Cloud

10/24/2017
09:50 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Opera, Vivaldi Co-Founder Talks Internet Privacy

Most people don't understand the extent to which their personal information is at risk, says Jon von Tetzchner, who founded the Opera and Vivaldi browser firms.

The Internet often forces people to treat their data like currency: enter your information and get access to an app or service. Businesses collect bits of data for each person online and use it to track and target them.

Privacy is a human right. People should have a say in their privacy, says Jon von Tetzchner, co-founder of the firms that created the Opera and Vivaldi browsers. The problem is, many people who share their information for the convenience of using different services don't realize the consequences of having their information tracked.

Current regulations don't let anyone opt out. Oftentimes there isn't a question of implicit consent. When you go shopping on Walmart's website, you're not given the option to browse free from online trackers.

"We're being told, to get Internet services you have to give up privacy, or to get security you have to give up privacy," he continues. "But by giving up privacy we're actually giving up security. You don't need to track a person all the time to be able to figure out where they are."

For some software or services there is a need to collect certain types of information, but as von Tetzchner points out, most of the time there is no correlation. Overall, the tracking has gone too far, he continues, to a point where it "has to be in violation of law." The implications are poised to become far more nefarious than targeted advertisements on Facebook or Google.

"For a lot of us, [targeting] is maybe just a nuisance," he explains. "But when you see that being used for things like propaganda, it becomes highly problematic and even a security issue."

Growth and Consequences of Online Tracking

Online tracking and data collection is partially fueled by the size of corporations behind it. Large companies and ecosystems have so heavily invested in these operations, there is a fear of breaking the system if the collection is stopped. Unfortunately, major businesses are at high risk.

"The bigger the target, the bigger the game," he notes, citing the Yahoo breach as an example of what happens when a major data collector gets hit. "With these services, there is a problem because they can be attacked and if they get attacked, the spoils are huge." He admits he's inclined to use smaller companies because they're less connected to larger entities.

Cloud growth also plays a role in making storage of user data cheaper, easier, and more secure -- if done properly. As we now know, poor cloud security practices can affect billions.

"Sure, cloud is cheaper, but it depends on the quality of people you have doing the job," says von Tetzchner. "It's creating situations where you have single points of failure."

What does this mean for the future? "This implies problems for everyone," he continues. It's imperative for businesses to care more about privacy regulation. Many companies and app developers prioritize functionality over privacy and security due to resource and time constraints. Relaxed security and privacy standards have made mobile ecosystems appealing to attackers.

Given the size of players in the game and ubiquity of data collection, this is a difficult problem to address. Ideally, von Tetzchner says, there would be a limit on data collection and no individual tracking, which didn't even exist not long ago. One of the challenges is there aren't many sources that could really regulate this, though the United States and European Union are two potential sources.

Most Consumers Don't Understand the Problem

News reports of major cyberattacks and data leaks have driven broader security awareness, but there continues to be a general lack of knowledge when it comes to online threats, the exposure of their personal information and devices, and potential for unwanted spying. 

"Most people don't really understand how far that goes," says von Tetzchner. "All of our movements are tracked, everything we do on our computers with regards to browsing is being seen … It's like asking someone, 'Can I follow you, one step behind you, all the time?'"

The 2017 State of Privacy and Security Awareness Report by MediaPro found 70% of 1,012 US workers don't fully grasp security and privacy. Behavior on social media was especially concerning as the number of people willing to potentially risk their companies on social media grew to 20%.

Savvy users have trouble hiding in the shadows. Some are turning to the Dark Web for their online activity not because they want to do anything illegal, but because they want to use the Internet without being watched, von Tetzchner says.

"It's natural for people to want to keep their privacy," he says. "It doesn't mean you're doing anything illegal. Users shouldn't have to use Tor, or anything like that."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.