A common life hack most of us follow to avail specific bank-related offers on e-commerce websites is by asking for credit/debit card details from others. The mutual trust between the two parties makes us take this risky step. Though this is something most of us can relate to, there can be other scenarios as well where we share some kind of confidential information with others. We are fine with this sharing as long as we trust or perhaps ignore the most important party involved: The Transport Medium.

Vulnerable Transport

Things: living and non-living, communicate with each other via a medium. This medium can be anything like a face-to-face conversation, a post, a phone call, or the entire list of internet technologies. Sharing confidential information through these mediums has always been risky and thus there exist practices like Cryptography to ensure a secure transfer of information in the presence of adversaries. Let’s look at the unseen security vulnerabilities of the common mediums we use these days and understand why trusting these mediums can potentially harm us.

The Internet

Among all the mediums, applications on the internet are the most vulnerable and the least trusted. Every app is tracking user activity in some form and though most of them promise to keep it safe the increasing number of data theft and other cybercrimes suggest us to not trust them blindly. It isn’t safe to assume that sharing a picture of your credit card or manually typing all the details as a text message on WhatsApp and deleting it afterwards really deletes it from web history. You should accept the fact that nothing ever gets deleted from the internet. From personal experience and from people working in large companies I know that whenever a destructive action like “Delete” is encountered in an application then the record is not deleted from the memory it is just “Marked as Deleted” and is kept hidden from the user. You should also know that everything we do on the internet is in some way evaluated by a Machine Learning algorithm. That means these companies can look into our data and can use it for their benefit.

Like chat applications, emails also aren’t safe, every email we send and receive is scanned by robots and their data is scraped to find useful information. One recent example of this is Amazon stops sharing product details in emails.

Another example of tracking user activity is to serve targeted ads, if you simply search on the internet you’ll find many articles and blog posts like these Facebook and Instagram user tracking where the users buying behavior changed because of specific ads. I have also talked about the tracking in a different blog post on this website.

Other than this there some advanced attacks like Man-In-The-Middle(MITM) where a person/machine actually sees your entire network activity.

There are many other ways in which your online presence can be used for someone else’s benefit and compiling a list of them in one single post is nearly impossible.

Phone Calls and Face-to-Face Conversations

Phone calls and conversations are relatively safer than using the internet in a way that there probably isn’t anyone eavesdropping on your conversations. But an old picture shared by Mark Zuckerberg revealed tricks he uses to safeguard his private conversations as well. We probably might not go into so much detail but there’s something we can look into here as well.

If you have a smartphone it’s probably listening to most of your conversations. Voice assistants like Siri and Google Assistant are hearing each word you are speaking, I am not saying that it is doing something with it but it does listen to us and triggers some functionalities when the spoken words match with the hot words like Hey Siri, Ok Google, etc. You might be able to recall a few instances where you didn’t ask but the assistant showed up. I personally have seen Siri being launched automatically even when I didn’t need it.

Privacy vs Convenience

This whole thing is indeed frightening and honestly, it does make me think of reducing my internet usage but at the same time not using the internet makes my life inconvenient. We are actually trading convenience with privacy and security, the more secure we try to make things the more inconvenient they become. This is nicely explained by Kalle Halden on How To Become Invisible Online. This video will probably give you an idea of where you stand on the Security vs Convenience graph and will help you figure out what actions you need to take to get your privacy in your control. I used to have a balance between convenience and security but these days I am leaning more towards online safety and to max out on convenience I build my own tools to save personal data and host it on my personal servers. For instance, as a side-project, I am currently working to on a web application where I can create one-time-access links to share confidential information with others, but let’s talk about it in more detail in a different post some other day.

I hope you liked reading this. I’ll be happy to discuss about your thoughts on this topic and would love to know what you are doing to safe-guard your conversations and online activity.