| Both sides previous revisionPrevious revision |  | 
| основные_проблемы_приватности_и_безопасности [2022/06/13 13:31] –  sss
 | основные_проблемы_приватности_и_безопасности [2022/06/13 14:55] (current) – [Metadata Leakage]  sss
 | 
|---|
|  | ====== Основные_проблемы_приватности_и_безопасности ====== | 
|  |  | 
|  |  | 
|  | ====== Metadata Leakage ====== | 
|  | [[https://en.wikipedia.org/wiki/Metadata|Metadata]] is information that is not data, but is directly related to it, that is, if you transfer some data (message/sound/video/voice) with it, you can receive a huge amount of metadata, which is often the following: | 
|  | - The sender and receiver's [[https://en.wikipedia.org/wiki/User_(computing)#User_account|user accounts]]. Since centralized systems now require more personal data, user accounts have become almost like a passport. //(only in [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.A1.D0.B5.D1.80.D0.B2.D0.B5.D1.80_.28_.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|centralized systems]])// | 
|  | - The sender's [[https://en.wikipedia.org/wiki/IP_address|IP address]]. Without the use of additional masking tools, IP addresses provide information about the physical location of the user at the time of data transmission.//(in [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.A1.D0.B5.D1.80.D0.B2.D0.B5.D1.80_.28_.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|centralized]] and [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C_.28_p2p_.29|decentralized systems]])// | 
|  | - Unique device ID (computer, telephone, tablet, game console, any smart-device with access to the internet). Allows your device to be identified with almost 100% accuracy. | 
|  | - Unique [[https://en.wikipedia.org/wiki/Web_browser|web browser]] ID. If you do not use any means of protection, then your device can be identified through your browser (Mozilla (Firefox, Seamonkey, Thunderbird), MS (Internet Explorer, Edge), Google (Chrome, Chromium), Webkit, Qtwebengine). //(only in [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.A1.D0.B5.D1.80.D0.B2.D0.B5.D1.80_.28_.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|centralized systems]])// | 
|  | - Unique [[https://en.wikipedia.org/wiki/Operating_system|operating system]] ID. Allows your device to be identified, used in programs that are not web browsers to monitor users (Telegram, WhatsApp, Viber, Discord) //(in [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.A1.D0.B5.D1.80.D0.B2.D0.B5.D1.80_.28_.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|centralized]] and [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C_.28_p2p_.D0.B4.D0.B5.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|decentralized]] systems)// | 
|  | - Unique program-generated ID. Many programs generate an unique ID when installing or registering on a centralized system with which they interact, this ID allows a specific installation of a program to be identified. //(in [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.A1.D0.B5.D1.80.D0.B2.D0.B5.D1.80_.28_.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|centralized]] and [[Существующие_решения_для_организации_связи#.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C.3C.3E.D0.9F.D0.BE.D0.BB.D1.8C.D0.B7.D0.BE.D0.B2.D0.B0.D1.82.D0.B5.D0.BB.D1.8C_.28_p2p_.D0.B4.D0.B5.D1.86.D0.B5.D0.BD.D1.82.D1.80.D0.B0.D0.BB.D0.B8.D0.B7.D0.BE.D0.B2.D0.B0.D0.BD.D0.BD.D0.B0.D1.8F_.D0.BC.D0.BE.D0.B4.D0.B5.D0.BB.D1.8C_.29|decentralized]] systems)// | 
|  | There is also a huge amount of different types of metadata that would not make sense to cover here in detail, as you can easily find all information about them on the internet. It is also worth noting that each type of metadata does not pose a big threat individually, but when they are pieced together, you can learn a lot of information about a person, including more obscure information. Metadata usually takes up a magnitude of less space than data itself, making it much more convenient for long-term storage. In modern practice, metadata is often used to harass people and as leverage in court, for example, some time ago the US military sent missiles to the mobile phones of "potential terrorists" based on metadata. | 
|  |  | 
|  | ====== Data Leakage ====== | 
|  | Data leakage is a situation when data is accessed by someone for whom it is not intended. | 
|  | - Data leakage to/from a communication services server(s). The essence of the problem is that servers have access to data even after it has been delivered to the recipient. Let's use the social network model as an example: | 
|  | - **User1** sends a message to **User2**. | 
|  | - The message is saved to the server. | 
|  | - **User2** receives the message from **User1** | 
|  | - The message is still saved to the server afterwards. "At the moment, most text messages in centralized systems are stored forever, no matter what anyone says, technically it is not particularly difficult." | 
|  | - The transmission of unencrypted or poorly encrypted data. Today //(2018)// transmitted data is rarely unencrypted, but is transmitted so nonetheless, and there are also many cases where unreliable encryption is used. The problem is that all nodes through which data passes receive access to the transmitted data: | 
|  | - Your neighbors //(not always, it depends on the technology used by the internet service provider)// | 
|  | - Your internet provider //(always)// | 
|  | - Superior internet providers //(always)// | 
|  | - Cracking encrypted data. Read the previous paragraph. | 
|  |  | 
|  |  | 
|  | ====== Summary ====== | 
|  | In our digital age, by having a person's data and metadata, you can learn everything about them. The majority of major centralized systems for organizing data exchange such as (Google, Facebook, Vkontakte, Telegram, WhatsApp, Viber,.... the list could be very long) sell their users' metadata (officially) and data (often in ad chains), and not only that... Also, data leakage is often not due to technical reasons, but is the result of staff negligence. Writing about these problems could take even longer, but I think for a cursory review, this information will be enough: there is a video of a speech from an American private detective, I recommend watching it if interested. Also, note that this is quite an old video, over 10 years old, since then the situation has not gotten any better. Watch it [[https://www.youtube.com/watch?v=DaYn_PkrfvQ|here]]. You can acquaint yourself with our [[Общие_рекомендации_по_безопасности|recommendations]] on how to minimize metadata and data leakage, along with our [[Рекомендованные_программные_решения|hardware and software solutions]]. |