Cloud

10/24/2017
09:50 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Opera, Vivaldi Co-Founder Talks Internet Privacy

Most people don't understand the extent to which their personal information is at risk, says Jon von Tetzchner, who founded the Opera and Vivaldi browser firms.

The Internet often forces people to treat their data like currency: enter your information and get access to an app or service. Businesses collect bits of data for each person online and use it to track and target them.

Privacy is a human right. People should have a say in their privacy, says Jon von Tetzchner, co-founder of the firms that created the Opera and Vivaldi browsers. The problem is, many people who share their information for the convenience of using different services don't realize the consequences of having their information tracked.

Current regulations don't let anyone opt out. Oftentimes there isn't a question of implicit consent. When you go shopping on Walmart's website, you're not given the option to browse free from online trackers.

"We're being told, to get Internet services you have to give up privacy, or to get security you have to give up privacy," he continues. "But by giving up privacy we're actually giving up security. You don't need to track a person all the time to be able to figure out where they are."

For some software or services there is a need to collect certain types of information, but as von Tetzchner points out, most of the time there is no correlation. Overall, the tracking has gone too far, he continues, to a point where it "has to be in violation of law." The implications are poised to become far more nefarious than targeted advertisements on Facebook or Google.

"For a lot of us, [targeting] is maybe just a nuisance," he explains. "But when you see that being used for things like propaganda, it becomes highly problematic and even a security issue."

Growth and Consequences of Online Tracking

Online tracking and data collection is partially fueled by the size of corporations behind it. Large companies and ecosystems have so heavily invested in these operations, there is a fear of breaking the system if the collection is stopped. Unfortunately, major businesses are at high risk.

"The bigger the target, the bigger the game," he notes, citing the Yahoo breach as an example of what happens when a major data collector gets hit. "With these services, there is a problem because they can be attacked and if they get attacked, the spoils are huge." He admits he's inclined to use smaller companies because they're less connected to larger entities.

Cloud growth also plays a role in making storage of user data cheaper, easier, and more secure -- if done properly. As we now know, poor cloud security practices can affect billions.

"Sure, cloud is cheaper, but it depends on the quality of people you have doing the job," says von Tetzchner. "It's creating situations where you have single points of failure."

What does this mean for the future? "This implies problems for everyone," he continues. It's imperative for businesses to care more about privacy regulation. Many companies and app developers prioritize functionality over privacy and security due to resource and time constraints. Relaxed security and privacy standards have made mobile ecosystems appealing to attackers.

Given the size of players in the game and ubiquity of data collection, this is a difficult problem to address. Ideally, von Tetzchner says, there would be a limit on data collection and no individual tracking, which didn't even exist not long ago. One of the challenges is there aren't many sources that could really regulate this, though the United States and European Union are two potential sources.

Most Consumers Don't Understand the Problem

News reports of major cyberattacks and data leaks have driven broader security awareness, but there continues to be a general lack of knowledge when it comes to online threats, the exposure of their personal information and devices, and potential for unwanted spying. 

"Most people don't really understand how far that goes," says von Tetzchner. "All of our movements are tracked, everything we do on our computers with regards to browsing is being seen … It's like asking someone, 'Can I follow you, one step behind you, all the time?'"

The 2017 State of Privacy and Security Awareness Report by MediaPro found 70% of 1,012 US workers don't fully grasp security and privacy. Behavior on social media was especially concerning as the number of people willing to potentially risk their companies on social media grew to 20%.

Savvy users have trouble hiding in the shadows. Some are turning to the Dark Web for their online activity not because they want to do anything illegal, but because they want to use the Internet without being watched, von Tetzchner says.

"It's natural for people to want to keep their privacy," he says. "It doesn't mean you're doing anything illegal. Users shouldn't have to use Tor, or anything like that."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-15137
PUBLISHED: 2018-07-16
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2017-17541
PUBLISHED: 2018-07-16
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVE-2018-1046
PUBLISHED: 2018-07-16
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow ...
CVE-2018-10840
PUBLISHED: 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10857
PUBLISHED: 2018-07-16
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.