Dave Lewis

'Free' Online Services Make You The Target

Blog Post created by Dave Lewis Employee on Jun 22, 2015

Early Tuesday morning, I found myself in a cab racing across Berlin to the FIRST incident response security conference. I was running with no coffee and normally this would be ill advised. Today I was motivated as I was heading there to see the keynote presentation from Mikko Hypponen. This morning address, entitled “Securing the Future."


His talk started off with a discussion of privacy, or rather the lack thereof, that exists online today. He is very correct on this point. We find all manner of “free” services online. Most people never take the moment to pause and consider how these companies are able to exist at all. Where do they derive their revenue from? Well, you. Your data is what these companies want and need in order to exist.


According to Hypponen, the really eye-opening part comes when one tries to create an advertisement on a social media site such as Facebook or Twitter. The level of granularity in the targeting that is available to the advertiser is almost Orwellian in nature. This makes one wonder, how do they have this amount of data as it pertains to a Twitter account as an example?


Well, then creating a targeted advertisement you can drill down into all sorts of data. Some examples are the revenue of the household, number of people living there or the ages of those people. There was even a setting for “expecting mother.” I started to feel rather uncomfortable seeing this granularity that was readily available for an advertiser.


This information is available thanks to the interconnects with data warehousing companies. These companies harvest information on shopping histories and buying patterns from credit card companies. This is perfectly legal I should point out. But, when you leverage that data to target advertising it gets really creepy.


Now, what links all of this information together? What is the Rosetta Stone that marries the purchasing history with a social media account? Well, that would be your mobile phone number. While this isn’t 100% for the linkages it is far better than one might imagine. Your cell phone is on record with your credit card companies and now, in many cases, your mobile phone is linked with your social media accounts.


How is this linkage possible you might ask? All in the name of security. Social media accounts like to request your mobile phone number to “verify” you are who claim to be as well as using this for their implementation of two factor authentication. Quietly getting you to offer up your mobile number in the name of security by sacrificing privacy. This would be a huge treasure trove if a company could harvest your mobile phone numbers.


This brings to mind the purchase of WhatsApp by Facebook in 2014 for the handsome sum of $22 billion. At the time I must admit that I scratched my head trying to understand why they would spend this kind of money. Now, it is far more clear after Hypponen's talk. Each one of those accounts is linked to a mobile number.


So what is to be done? Well, this is an example of the old idiom “there are no free lunches.” Your privacy is being sold and we are more than happy to cough up our mobile numbers and personal information in the hopes of sharing more pictures of our meals, "Game of Thrones" perspectives and cat pictures.


Originally posted on Forbes.