DIGITAL PRIVACY

INTRODUCTION TO DIGITAL PRIVACY

❑ WHAT IS DIGITAL PRIVACY?
❑ WHY IS DIGITAL PRIVACY IMPORTANT IN TODAY’S WORLD?
WHAT IS DIGITAL PRIVACY?

• Digital privacy is often defined as the level

of privacy an individual has regarding their
personal information online and in the
digital world.
WHY IS DIGITAL PRIVACY IMPORTANT IN TODAY’S
WORLD?
• Personal Data Protection
• Online safety
• Data Security
• Reputation Management
• Freedom of Expression
• Avoiding Surveillance
• Preventing Discrimination
• Intellectual Property Protection
DATA PRIVACY AND PROTECTION
❖ DATA BREACHES AND THEIR CONSEQUENCES
❖ LAWS AND REGULATIONS
DATA BREACHES AND THEIR CONSEQUENCES

• What is data breach?

• A data breach refers to a security incident where
unauthorized parties gain access to sensitive or
confidential information. These breaches can occur
in various ways, including hacking, social
engineering, or accidental exposure.
DATA BREACHES AND THEIR CONSEQUENCES

• Financial Loss
• Identity Theft
• Reputation Damage
• Legal Consequences
• Loss of Confidentiality
• Emotional and Psychological Impact
• Operational Disruption
LAWS AND REGULATIONS

• Laws and regulations in the realm of digital privacy

are a set of rules and guidelines established by
governments and governing bodies to protect
individuals' personal information and ensure
responsible data handling.
LAWS AND REGULATIONS

▪ General Data Protection Regulation (GDPR)

▪ California Consumer Privacy Act (CCPA)
❖ Key Aspects:
1. Consent
2. Data Rights
3. Data Security
4. Accountability
5. Data Portability
MEME TIME…
ONLINE PRIVACY THREATS
➢ CYBERSECURITY THREATS AND PHISHING
➢ SOCIAL ENGINEERING
CYBERSECURITY THREATS AND PHISHING

• Viruses
• Malware
• Keyloggers
• Spyware
• Browser Exploits
• Phishing
SOCIAL ENGINEERING

• Social engineering is a form of psychological manipulation used by

malicious actors to exploit individuals and gain unauthorized
access to sensitive information, systems, or resources. It involves
tricking people into revealing confidential information, performing
actions that compromise security, or providing access to restricted
areas. Social engineering attacks target the weakest link in the
security chain: human behaviour.
SOCIAL ENGINEERING

• Phishing
• Pretexting
• Baiting
• Tailgating
• Impersonation
• Quid Pro Quo
MEME TIME…
PRIVACY IN SOCIAL MEDIA
✓ RISKS OF OVERSHARING
✓ PRIVACY SETTINGS AND CONTROLS
RISKS OF OVERSHARING
• Privacy Invasion
• Identity Theft
• Cyberbullying
• Online reputation Damage
• Financial Scams
• Physical Security Threats
• Data Breaches
• Hacking
• Unwanted Solicitations
• Social Engineering
• Data Mining
PRIVACY SETTINGS AND CONTROLS
• Account Privacy

• Social Media Sharing

• Communication and Messaging

• App Permissions

• Location Services

• Browser Privacy

• Device Privacy

• Data Backup and Storage

• Data Deletion and Retention

• Email Privacy

• Web services and Search Engines

• Security Settings

• Data Download

• Privacy Checkups

• Advertising Preferences
PROTECTING YOUR DIGITAL PRIVACY AND CASE
STUDIES
Baby Steps to Implement
Here's the TL; DR version
TL; DR 1 - Download and use FireFox
TL; DR 2 - Change your search engine to StartPage or DuckDuckGo
PROTECTING YOUR DIGITAL PRIVACY

What to do/use to protect your privacy?

This could be a long list, so I'll stick to the low-hanging fruit first. Don't be
overwhelmed: you can implement just one tip each week, and soon you'll
be set.
The golden rules:
• Do not share private information online, and when people you know
share your private information, be willing to have the unpleasant
conversation to ask them not to do that again. In particular, be careful
about what you share on social media; that info could very easily be used to
gain your trust. If you must use these platforms, take the time to go through
their privacy settings.
• PIN lock your credit files. It will protect you from identity theft,
making it impossible for someone to open accounts in your name even
with your Social Security Number and date of birth. It also blocks the
credit bureaus from selling your address, age, income, and other data (they
fought this until their hand was forced by law). No one can access your
credit without your knowledge (you'll need to temporarily lift the lock
first). Here's a guide (it can be done online).
For the most casual users
• Don't use a web browser made by an organization with a strong incentive to track you (e.g., Chrome, IE, Edge). Chrome is
functionally a great browser, but its owner made $79 billion in ad revenue from selling what it knows about you last year alone.
Why do we look past that? Use Firefox (with modifications below) or just use the Tor Browser.

• Avoid using search engines from ad companies (google, bing, yahoo) especially if you're logged in.
Your search history reveals a ton about you. For instance, look at this. Use an engine that does
not log your searches. StartPage.com in particular gives you google search results while
shielding you from google's tracking.

• Disable 3rd party cookies and use a privacy add-on such as uBlock Origin; this makes it harder for 3rd party trackers to follow
your activity

• Get rid of any extension/plugin you do not need. They see everything you do in the browser, even over HTTPS sites -- including the
passwords and card numbers you type -- and they can do a lot of damage You're putting a lot of trust in any extension you use, so
choose carefully.
Here's a list of the add-ons for firefox:

• uBlock Origin
• Smart HTTPS
• Decentraleyes
• Cookie AutoDelete
• Multi Containers
• Link Cleaner
• Privacy Badger
As of April 2019, Google Chrome is used by almost 3 out of every 4 web users, sitting at a 70% market share. This
means the chances are high that you're a Chrome user. While Chrome may be an elegant browser, it comes at the cost
of your data. Here's a handful of things Chrome collects.

• Chrome sends your original search query, the suggestion you selected, and the position of the suggestion back to
Google.
• If you've chosen to sync your Chrome history, and if Google is your default search engine, the URL of the page
you’re viewing is sent to Google.
• Chrome will send a [location] request to google.com each time you start the browser.
• Chrome uses your IP address to identify your country or region.
• Desktop versions of Chrome can provide smarter spell-checking by sending text you type into the browser to
Google's servers. If this feature is enabled, Chrome sends the entire contents of text fields as you type in them to
Google, along with the browser’s default language.
• When you search using the address bar in Chrome, the characters you type (even if you haven’t hit "enter" yet) are
sent to your default search engine.
• When you can’t connect to a web page, you can get suggestions for alternative pages like the one you're trying to
reach. To offer you suggestions, Chrome sends Google the URL of the page you're trying to reach.
• Use a password manager to generate strong, different passwords for all your accounts.

• Be suspicious of links you receive by email, especially if you're directed to a login page. Double check the domain
name in the URL bar, or manually enter the domain instead of clicking the link. Be very suspicious of unexpected
attachments, even coming from people you know.

• Use a firewall that blocks apps from getting to the internet until you've actively whitelisted them. This may mitigate
damage if you get infected by something that tries to get online to exfiltrate your data to a remote server, or to
download more malware.Your phone should have its own firewall
• Don't give 3rd party apps access to your accounts

For users who are a bit more concerned and are willing to make small changes to how they browse
• Avoid email providers from companies who want to track you (Gmail, YahooMail, Outlook, Hotmail...). Your message
history is prob the single greatest private data stash in your life so don't store it where the provider can read your
messages and open them up to 3rd parties! If you are already using these tracking mail servers,

consider
transitioning
to something more private.
• Browse in Private Mode by default; this tells the browser to do what it can to safeguard your privacy. As new privacy
leaks are discovered, browser makers often improve the Private mode to block the leaks, so your browser gets
more private over time if this is your default mode.

• Use a no-logging VPN to access the web. This makes it harder for anyone observing your connection (e.g. your ISP
or a hacker on a public network) to see what you're doing, and for websites to know where you're connecting from.
And you should be concerned because ISPs have shown over and over that they'll share all they know about you to
make money. Not to mention that they may be required to log your traffic and share it in real time.

• Log out when you're done; for instance, before you navigate away or close the tab from Facebook or your bank.
These big sites can already see what your browser does around the net. If you are logged in while they track you, it's
much easier to associate that activity with your actual identity.

• Do not give out true information unless you have to. Sites will ask for your name or birth date but will accept
anything; payment sites will ask for your exact address when all they need is your zip code. Do not give real answers
when you setup security questions. This also (perhaps especially) applies to social networks including gaming
networks such as Xbox
• Understand that vanilla email is public so if you want to protect your communication (e.g. sensitive documents), at a
minimum put it in a password protected zip file and send the password via a different channel (phone or text). Some
secure email providers make this really simple. Ideally try to get people you care most about to understand the
danger. PROTON PROTON PROTON PROTON PROTON PROTON PROTON PROTON PROTON PROTON

• Use end-to-end encrypted messenger instead of SMS whenever possible, and advocate for those close to you to
consider doing the same. Signal is the safest bet.

• If you use cloud storage, use a service that can't read your content. Google drive, Microsoft OneDrive, iCloud,
DropBox and others look at your files and can turn them over to 3rd parties. Some will even takedown what you're
"not allowed to have". If you must use them, at least encrypt your data before it gets uploaded.

• Avoid unnecessary IoT devices (toys, appliances, cameras...) until the industry gets serious about security and privacy;
it will likely take a couple of years of disastrous breaches

• Block trackers and disable 3rd party JavaScript by default, only enabling it where required (e.g.: JavaScript libraries
delivered via large Content-Delivery-Networks). uBlock Origin addon makes this simple. This along with disabling
3rd-party cookies will probably defeat over 90% of cross-site tracking (and malware as a bonus) you'll encounter on
the web
For users who are even more concerned and are willing to put up with a more limited web experience
to protect their privacy
• When signing up for an account from which you don't really need to receive email (e.g.: forums, game apps) use a different throwaway email address for each account. A service such as
Guerrilla Mail will let you generate as many addresses as you need, and even receive email at that same address if you need to prove ownership of the account months later. If you use the same
email everywhere, it's easy for me to check whether you have an account at a service by trying to register that email.
• For the reason above, use a different username for each new account. This means of course that you should avoid using login with Facebook/Google/Amazon... and similar options when
you're not on that site. Not only does it tell Facebook/Google/Amazon even more about you every time you use the other site, but it creates a single point of failure: one hack and you're
screwed. Just create a new account for the site with a different username and password. A password manager is helpful here to keep track of all that.
•
• Make your browser even more private with advanced configs
• Use a 3rd party sandbox (e.g.: Sandboxie) when you browse and configure it to make sensitive parts of your drive (e.g.: Documents folder) inaccessible to the sandboxed processes. If
you get infected with something that tries to steal data from your drive, that folder will just look empty.
• (In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading.)
Too Complicated
You don’t need it
How to *start* privacy? How does one begin?

Step 1: Don't get disheartened.

The statement "They already know everything about me" sounds both fatalistic and like a good excuse to "just keep
usin" - after all, all is lost, right? However, this notion rests on a misconception: even if "they" did know everything about
you now (they probably don't), "they" will know less and less about you going forward, up to a point where - if you so
choose - you will completely drop off radar. Realise that only current data on you is truly valuable to "them", and most
of the data pertaining to you as a living, learning, growing person has a tendency to also change: over time, you will not
just shed your contact data, physical address, device IDs, etc., but also your interests, political leanings, consumer
behavior, social circles, etc. Who you are now is not who you are going to be in ten years' time, and thus by making
many little improvements in that time, you may help future you reclaim their privacy.

Step 2: Start anywhere, really.

Find a privacy-respecting replacement for a particularly invasive software or service you've grown to dislike. Learn to
use a new skill or piece of software that will help mitigate privacy risks. Read and study ways in which companies,
governments and other threat actors invade people's privacy, and how one can thwart these efforts. If "they know
everything", we can just start anywhere, right? Any little hole you plug will help. What's important is that you start doing
it, instead of worrying where to start.
Step 3: Learn to appreciate incremental improvement.
You can't get everything done in a day, and if you try, chances are you'll get overwhelmed by the amount of stuff there is
to do and learn, or frustrated by the amount of solutions that you haven't mastered completely yet. Do one bit at a
time, and once you've grown accustomed to the changes you've made, move on to the next one. Take the time to
appreciate that one little change you have successfully made a habit, and realise that it's yet another tiny step on your
journey towards a much larger goal.
Some art…
What’s The Need
Take a moment and think about some of the things you've searched for in Google.You'll probably think of the search
you did last night asking Google to tell you what ‘TL; DR' means and why JK Rowling is trying to ruin your childhood.
Our average searches probably don't amount to much more than the simple questions we're seeking answers to, which
have little impact on our lives now or in the future. But what about some of these?

• "what do red bumps on arms mean"

• "how to file for divorce"
• “am I gay"
• "how to treat hemorrhoids"
• "STD symptoms"
• "is a therapist worth it“
• "symptoms of depression“
• These searches are a bit more personal but are common questions asked every day in some form by millions of
people. Some of these questions are never uttered in real life to anyone, and only Google knows these inner
thoughts, questions, and fears.Yet, Google is collecting every one of those searches to profile you, used for targeted
advertising, and shared with dozens, if not hundreds, of other companies.

• In a world where data is collected, profiled, shared, and sold, is it really appropriate to have every search logged and
stored indefinitely? What if healthcare providers or employers get their hands on your profile and decide to make
decisions based on your search history? Maybe your health insurance raises your premiums because you're deemed
a higher risk of illness due to searching for symptoms too many times in a certain time frame. Or maybe you're
turned down for a job because one too many of your searches revolved around depression and anxiety.

• But all hope is not lost. A simple change to your search engine can limit a good amount of the data harvesting with
little impact on your day to day activities. Preferred engines – DuckDuckGo and StartPage

• With all of this said, the privacy search engines provide are only for your searches. As soon as you click a link, you're
subject to the tracking of that website.
First they came for the socialists, and I did not speak out— Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out— Because I was not a trade
unionist.
Then they came for the Jews, and I did not speak out— Because I was not a Jew.
Then they came for me— and there was no one left to speak for me.

~Sun Tzu
Some more Reasons…

• Firstly, it’s important to understand that Each individual has a unique threshold where they balance privacy and
security with convenience…

• If you don't like being bombarded with ads made by sociopath marketing teams that try to use what they perceive
to be your insecurities as leverage. For most people, their personal privacy measures are pretty lax.

• Another reason is that companies have shown they do not have your best interest in mind and are poor stewards of
your data. This is shown time again with massive data breaches caused by negligent security practices, things like
leaving all customer data in plain text on a server that requires no authentication.

• There is a massive market around collecting seemingly innocuous data about you, correlating it, and comparing you
with other data profiles to infer details about your identity and behavior. To our knowledge, this data is used for
seemingly benign reasons, like making sure you are who you are when logging into your bank, or selling you a power
washer because it's spring and you're a guy who owns a house in the suburbs. But, we're already seeing this data
abused.
People saying you may be kidnapped in the night by your government are suggesting extreme examples. Here are the
things I'm more worried about:

• Insurance companies increase your premium because they purchase data about what you eat collected by your
grocery store.
• A venue denies you access because they relied on a false profile of you that indicated a criminal history.
• A police officer decides you're getting the biggest ticket he can stick you with because of a social media post you
made supporting deportation of Bangladeshi Immigrants.
Because you never know when they might come for you
~Sun Tzu
But….
“But corrupt regimes will just fake evidence anyway . Just
because your phone data doesn't put you in a particular
geographical area won't stop them from taking you away . In
fact, if I ran the regime I'd be looking for people with very low
digital foot prints as they are the citizens you either need to
employ or imprison.”
don't think having a low data footprint will stop governments from taking you in
the middle of the night if they deem it necessary, remember if we're at that stage
evidence is not a prerequisite to being guilty of something.
Data privacy is mostly to protect yourself from identity theft and being a product
that Corporations can make money off .
privacy is securing your life and digital belongings to a level that
a wrongful police investigation can't access.
Why should you be accepting of your digital possessions ‘being
stolen' & perhaps being used against you? when you can quite
easily stop this.
“But….

Noooooooooooo”
'Everything you say can and will be used against you’.
~sun tzu

All the data that is being harvested will be used to squeeze

even more money out of your pocket. It will get turned against
you and 'they' (= the ones in power) will gather more control
over how you spend your time and money.
“I’ve got into the privacy rabbit hole and now I think it’s meaningless”

Here’s how to stay sane.

do all the obligatory stuff and be careful what entities you give any information to, and only
give organizations real info when you have no choice...work, voting, and so on.
You can pay DeleteMe to remove the easy to find stuff. This is pretty much akin to buying
a lock for your door. It's not going to stop a motivated pro, but it will give the people
looking for an easy opportunity, employers, first dates, and the average person who knows
how to search a dead end.
don't pull your hair out trying to be 100% private and anonymous in every single day-to-
day activity. It's not only hopeless, it's unnecessary. All your emails don't need to be
through Proton. All your internet searches don't need to be through TOR.
 The right attitude to have would be……

“Were I ever to be investigated or detained by border patrol, I WANT to be able to

say, "So you want to see all this boring shit? Want to know where I order pizza from?
The route to my Mom's house? Which tech videos I watch and music I listen to?
Want to see some contacts? Here. Have at it! Go to town!".
But, when I need to do something anonymously, encrypted, that doesn't leave a
trace...I know how to do that and that gives me peace of mind.

still go through the motions, compartmentalize, and be careful in how you use the
internet and your devices. WHEN NEEDED
you don't need to live every moment like a Cold War spy behind the Berlin Wall.”

Btw Proton provides easy-to-use encrypted email built on the

principle of your data, your rules.Your privacy is ensured by
strong encryption, open-source code, and Swiss privacy laws
• StartPage.com for Google search results in privacy
• DuckDuckGo for Yahoo/Bing search results in privacy
Switching search engines alone makes a huge difference!

All recommended privacy tools on one single page got to

https://www.privacyguides.org/en/tools/
LinkedIn
Date: 2012 (and 2016)
Impact: 165 million user accounts
Details: As the major social network for business professionals,
LinkedIn has become an attractive proposition for attackers
looking to conduct social engineering attacks. However, it has
also fallen victim to leaking user data in the past.
In 2012 the company announced that 6.5 million unassociated
passwords (unsalted SHA-1 hashes) were stolen by attackers
and posted onto a Russian hacker forum. However, it wasn’t
until 2016 that the full extent of the incident was revealed. The
same hacker selling MySpace’s data was found to be offering the
email addresses and passwords of around 165 million LinkedIn
users for just 5 bitcoins (around $2,000 at the time). LinkedIn
acknowledged that it had been made aware of the breach, and
said it had reset the passwords of affected accounts.
Marriott International
Date: 2014-18
Impact: 500 million customers
Details: Marriott International announced in November 2018
that attackers had stolen data on approximately 500 million
customers. The breach initially occurred on systems supporting
Starwood hotel brands starting in 2014. The attackers remained
in the system after Marriott acquired Starwood in 2016 and
were not discovered until September 2018.
The attackers were able to take some combination of contact
information, passport number, Starwood Preferred Guest
numbers, travel information, and other personal information.
The credit card numbers and expiration dates of more than
100 million customers were believed to be stolen, but Marriott
is uncertain whether the attackers were able to decrypt the
credit card numbers. The breach was eventually attributed to a
Chinese intelligence group seeking to gather data on US
citizens, according to a New York Times article.
MySpace
Date: 2013
Impact: 360 million user accounts
Details: Though it had long stopped being the powerhouse that
it once was, social media site MySpace hit the headlines in 2016
after 360 million user accounts were leaked onto both
LeakedSource (a searchable database of stolen accounts) and
put up for sale on the dark web market The Real Deal with an
asking price of 6 bitcoin (around $3,000 at the time).
According to the company, lost data included email addresses,
passwords and usernames for “a portion of accounts that were
created prior to June 11, 2013, on the old Myspace platform.”
According to Troy Hunt of HaveIBeenPwned, the passwords
were stored as SHA-1 hashes of the first 10 characters of the
password converted to lowercase.
NetEase
Date: October 2015
Impact: 235 million user accounts
Details: NetEase is a provider of mailbox services through the
likes of 163.com and 126.com. It was reported in that email
addresses and plaintext passwords of some 235 million
accounts from NetEase customers were being sold by a dark
web marketplace vendor known as DoubleFlag. The same
vendor was also selling information taken from other Chinese
giants such as Tencent’s QQ.com, Sina Corporation and Sohu,
Inc. NetEase has reportedly denied any breach.
HaveIBeenPwned lists this breach as “unverified.”
Sina Weibo
Date: March 2020
Impact: 538 million accounts
Details: With over 500 million users, Sina Weibo is China’s
answer to Twitter. However, in March 2020 it was reported that
the real names, site usernames, gender, location, and -- for 172
million users -- phone numbers had been posted for sale on
dark web markets. Passwords were not included, which may
indicate why the data was available for just ¥1,799 ($250).
Weibo acknowledged the data for sale was from the company
but claimed the data was obtained by matching contacts against
its address book API. It also said that since doesn't store
passwords in plaintext, users should have nothing to worry
about. This, however, doesn’t tally as some of the information
being offered such as location data, isn’t available via the API.
The social media giant said it had notified authorities about the
incident and China’s Cyber Security Administration of the
Ministry of Industry and Information Technology said it is
investigating.
DIGITAL PRIVACY AND BUSINESS
o HOW COMPANIES HANDLE CUSTOMER DATA
o THE ROLE OF PRIVACY POLICIES
HOW COMPANIES HANDLE CUSTOMER DATA?

• Data Protection Policies

• Consent and Transparency

• Data Encryption

• Access Controls

• Data Minimization

• Regular Audits

• Data Retention Policies

• Employee Training

• Incident Response Plan

• Compliance with Regulations

• Third-Party Vendors

• Privacy by Design

• Customer Rights

• Transparency Reports

• Ethical Considerations
THE ROLE OF PRIVACY POLICIES
• Informing Customers
• Consent and Compliance
• Data Usage Guidelines
• Data Security Measures
• Data Sharing and Third Parties
• Retention and Deletion Policies
• Access and Correction Rights
• Compliance with Regulations
• Transparency and Accountability
• Internal Guidelines
• Consumer Education
MEME TIME…
PRIVACY IN EMERGING TECHNOLOGIES
❖ AI, IOT AND THEIR IMPLICATIONS FOR PRIVACY
AI,IOT AND THEIR IMPLICATIONS FOR PRIVACY

• AI Implications
• Data Processing
• Data Inferences
• Algorithmic Bias
• Deep Learning
• IoT Implications
• Data Proliferation
• Data Security
• Location Data
• Interconnected Data
AI,IOT AND THEIR IMPLICATIONS FOR PRIVACY

• Implications for Digital Data Privacy

• Consent and Transparency
• Data Minimization
• Security Measures
• Ethical Considerations
• User Control
• Transparency Reports
FUTURE TRENDS
THE EVOLVING LANDSCAPE OF DIGITAL PRIVACY
THE EVOLVING LANDSCAPE OF DIGITAL PRIVACY
• Heightened Regulatory Environment

• Increased User Awareness

• Privacy-Enhancing Technologies (PETs)

• Data Minimization and Anonymization

• AI and Machine Learning for Privacy

• Blockchain for Data Security

• Quantum Computing and Encryption

• Biometric Data and Privacy Concerns

• Cybersecurity and Privacy Integration

• Internet of Things (IoT) Privacy

• Health Data Privacy

• Data Transfer Mechanisms

• Privacy and Ethical AI

• Privacy Education and Training

• Privacy Advocacy and Activism

THANK YOU