Why we need to worry about online privacy

Karkhana Pvt Ltd
August 26, 2021

Do you have a social media account? Or a YouTube channel or a TikTok account? There are so many ways to share information today that it’s hard to believe that just a decade ago blogs were probably one of the few easy mediums to share information on the internet. Today you can share photos and videos with ease. But are you aware of the lesser visible parts of the information sharing system? In this article we shall explore the issues of online privacy.

Most people love to post their photos on Facebook or Instagram. Some people also post photos of their children and parents. I wonder how many of them know where those photos go once you “post” them on a platform. Most people’s response to this question is – It’s on the internet. But where’s the internet? It might surprise a few of our readers to know that digital is actually physical. What that means is the information that’s on the internet is stored in large arrays of hard drives in the remote servers of the tech companies such as Facebook and Google. Yes, your photos and videos are actually stored in some hard drive to which you don’t have access to. And yes, it can be accessed by the authorized people at the tech companies and in cases of security breach it can fall into the wrong hands. Furthermore, the information that you share doesn’t reach the main server directly but goes through multiple transition servers. Each of those servers has a copy of the information you sent.

Around eight years ago I watched a movie named “The social network.” One of the dialogues from that movie stuck with me although I didn’t know what it exactly meant back then –“Internet is written in ink.” It’s a poetic way to indicate the permanency of information that’s shared online. You can write anything you want with ink, but unlike pencil you can’t erase it. That’s how the internet is. You can upload anything, but you can never completely delete it. The reason being all the copies of your information stored in those servers. There can be other less ethical reasons too. For example, someone might have saved a copy of your information before you managed to delete it. Downloading, copy-pasting, screenshot, screen-recording… There are plenty of ways to save something on your device. On Facebook, anyone is allowed to download a photo that they can see. Instagram doesn’t have a download option but it doesn’t prevent users from taking screenshots. Although you can configure your security setting so that people cannot screenshot your Facebook or Instagram profile through the app, there are plenty of easy ways to bypass the security restrictions. 

So what if someone has a photo or a video of yours? What might be the worst that can happen? Let’s dig deeper into it too. For starters, with enough information about you, someone can create a fake profile. The intention might be something directly harmful like character assasination, defamation or fraud.  Here is an article showing how fraud through fake facebook profiles is on the rise in Andhra Pradesh, India. 

It is also possible that a catfish trying to assume a fake identity online might use your photos to make themselves appear more credible. Sadly, something like this had been done by a friend of mine during our undergraduate days. Let me briefly recall the incident. I was in Bangalore, India at that time. My friend, the catfish, was also in Bangalore but in a different college. He wanted to prank another Nepali boy in his hostel. For this purpose he created a fake facebook account as a female and used the photo of his ex-girlfriend as the face of the fake persona. The persona was of our age, from northern India, and was studying in the same state as us but in a different city. In a few days, the targeted boy received a friend request from the girl, actually the catfish. They started to exchange text messages. As they got to know each other, the boy asked to talk on a video call but his request was always met with denial, saying that she was shy to appear on video and she couldn’t talk on voice call because she wasn’t comfortable speaking while her roommates overhear her conversation. The boy kept expressing his desire to meet in person, so after a few months the girl finally agreed to meet in Goa. He had booked his tickets and was getting ready for the trip when finally the catfish came forward and revealed that he had been impersonating the girl. He added that it was just a prank and he didn’t think things would go this far. The guy who got catfished was overwhelmed by grief and shame. As you might have noticed, there were many red flags but the victim couldn’t spot, or ignored, them. This happens when you desperately want something to be true and willingly close your eyes. This is a characteristic common among catfishing victims.

Recent groundbreaking progress in the field of machine learning have given new heights to face recognition and construction technology. Deepfake technology has made it possible to replace people in images and videos, with a fairly convincing accuracy. Here’s a short, interesting video about it. Currently the deepfake technology requires a lot of skills and powerful computers. But wasn’t that the case a decade ago with photo/video editing? It’s likely that deepfake will be a lot more accessible in the future. It already is to a certain extent. Tools are already available to enable people to make deepfakes. Some companies make them for you and do all the processing on their servers. There’s even a mobile phone app, Zao, that lets users add their faces onto movie clips, letting them cosplay their favourite characters. The app has sparked concerns regarding privacy. “We are exactly 30 seconds away from this tech being used to end a marriage, wreck a career, put someone in prison, or start a war,” author Myke Cole expressed his apprehension in a widely retweeted comment. 

Here is a TED talk titled – How deepfakes undermine truth and threaten democracy which talks about how a Deepfake video was used to attack Indian journalist Rana Ayyub in retaliation to her work exposing government corruption and human rights violation

We have sensitive information other than our photos and videos. Our passwords and usernames, bank details, contact information, address, date of birth – all of these are extremely sensitive information that needs to be kept to ourselves. 

Ten years ago, while travelling back to home from college on a bus, I saw somebody’s phone number scribbled on the back of a seat. It was a curious moment. An array of questions had risen in my mind – whose number is it? Why is it here? Do people who see this make the call? Does someone pick up? Would the person like to receive so many calls from strangers? Back then, phone numbers were only means of calling someone. Today, they are the gateway to many online services like e-banking, digital wallet and social media accounts. 

I have seen people carelessly mention their DOB, phone number, email ID, old passwords and even address in the comment sections of Facebook and Instagram. In a country like Nepal where digital literacy is low, people have little concerns about private information. Just last year, I was appalled to see the Tribhuvan University administration put in the contact details of all the students of my class in a google sheet and make it publicly accessible. The idea was to share with each student his/her university email address(and password). It seems they were unable to think of a better, more secure way. Or the lack of privacy concerns in our country made them take shortcuts. Let’s examine some of the consequences of the university admin sharing contact details of the students.

  • Someone with the above information can get access to my email account through alternative login methods they offer if you “forget password.” Phone numbers and email addresses are often the login information one used to access social media platforms. 
  • An attacker could use the personal information linked to my phone number to trick a customer service representative for my phone carrier into porting my number onto a new SIM card, thus hijacking my digits. The person could then break into my accounts if I had mechanisms in place to receive a security code in a text message when logging in to an online account. A scammer could also use my hijacked phone number to trick members of my family into sharing their passwords or sending money.
  • Ad tech agencies can create a detailed profile about me, linked to other information about my identity and web-browsing activities. Marketing agencies could add my contact information to their database to send me spam calls and text-messaged promotions.

When people encounter all this information about the risks of online privacy, the first thing it does is make you afraid or you start getting worried. Investing some time to properly educate oneself on digital literacy will help people become more careful and confident citizens of the digital world.