Key Privacy and Security Problems

From Internet Security Info
Jump to: navigation, search

Other languages:
English • ‎русский

Metadata Leakage

Metadata is information that is not data, but is directly related to it, that is, if you transfer some data (message/sound/video/voice) with it, you can receive a huge amount of metadata, which is often the following:

  1. The sender and receiver's user accounts.
    Since centralized systems now require more personal data, user accounts have become almost like a passport.
    (only in centralized systems)
  2. The sender's IP address.
    Without the use of additional masking tools, IP addresses provide information about the physical location of the user at the time of data transmission.
    (in centralized and decentralized systems)
  3. Unique device ID (computer, telephone, tablet, game console, any smart-device with access to the internet).
    Allows your device to be identified with almost 100% accuracy.
    1. Unique web browser ID.
      If you do not use any means of protection, then your device can be identified through your browser (Mozilla (Firefox, Seamonkey, Thunderbird), MS (Internet Explorer, Edge), Google (Chrome, Chromium), Webkit, Qtwebengine).
      (only in centralized systems)
    2. Unique operating system ID.
      Allows your device to be identified, used in programs that are not web browsers to monitor users (Telegram, WhatsApp, Viber, Discord)
      (in centralized and decentralized systems)
    3. Unique program-generated ID.
      Many programs generate an unique ID when installing or registering on a centralized system with which they interact, this ID allows a specific installation of a program to be identified.
      (in centralized and decentralized systems)

There is also a huge amount of different types of metadata that would not make sense to cover here in detail, as you can easily find all information about them on the internet.
It is also worth noting that each type of metadata does not pose a big threat individually, but when they are pieced together, you can learn a lot of information about a person, including more obscure information.
Metadata usually takes up a magnitude of less space than data itself, making it much more convenient for long-term storage.
In modern practice, metadata is often used to harass people and as leverage in court, for example, some time ago the US military sent missiles to the mobile phones of "potential terrorists" based on metadata.

Data Leakage

Data leakage is a situation when data is accessed by someone for whom it is not intended.

  1. Data leakage to/from a communication services server(s).
    The essence of the problem is that servers have access to data even after it has been delivered to the recipient.
    Let's use the social network model as an example:
    1. User1 sends a message to User2.
    2. The message is saved to the server.
    3. User2 receives the message from User1
    4. The message is still saved to the server afterwards.
      "At the moment, most text messages in centralized systems are stored forever, no matter what anyone says, technically it is not particularly difficult."
  2. The transmission of unencrypted or poorly encrypted data.
    Today (2018) transmitted data is rarely unencrypted, but is transmitted so nonetheless, and there are also many cases where unreliable encryption is used.
    The problem is that all nodes through which data passes receive access to the transmitted data:
    1. Your neighbors
      (not always, it depends on the technology used by the internet service provider)
    2. Your internet provider
      (always)
    3. Superior internet providers
      (always)
  3. Cracking encrypted data.
    Read the previous paragraph.


Summary

In our digital age, by having a person's data and metadata, you can learn everything about them.
The majority of major centralized systems for organizing data exchange such as (Google, Facebook, Vkontakte, Telegram, WhatsApp, Viber,.... the list could be very long) sell their users' metadata (officially) and data (often in ad chains), and not only that... Also, data leakage is often not due to technical reasons, but is the result of staff negligence.
Writing about these problems could take even longer, but I think for a cursory review, this information will be enough: there is a video of a speech from an American private detective, I recommend watching it if interested. Also, note that this is quite an old video, over 10 years old, since then the situation has not gotten any better. Watch it here.
You can acquaint yourself with our recommendations on how to minimize metadata and data leakage, along with our hardware and software solutions.