Probably the best part of my job is the fact that I can help people stay safe whilst using various technologies, and whilst I predominantly educate adults, wherever I can, I take the opportunity to educate and help the younger minds understand how to safely use what I consider to be one of mankind's greatest achievements – The Internet/WWW.
As such, I'm delighted to write about, and help promote Safer Internet Day.
For those who have never heard about this, Safer Internet Day is celebrated globally in February each year to promote the safe and positive use of digital technology for children and young people and inspire a national conversation.
Coordinated in the UK by the UK Safer Internet Centre the celebration sees hundreds of organisations get involved to help promote the safe, responsible and positive use of digital technology for children and young people.
Globally, Safer Internet Day is celebrated in over a hundred countries, coordinated by the joint Insafe/INHOPE network, with the support of the European Commission, and national Safer Internet Centres across Europe.
So, for this blog, I want to talk about digital profiles and how easy it is for someone to collate pieces of information about you to then masquerade as someone you know.
As someone who has celebrated their 21st birthday more than once, I fall into the demographic of people who remember a time before the Internet and the WWW existed. Back then, the world was a much smaller place (figuratively speaking), the only people who knew who you were, where you were, and what you were doing were your friends and family (although we tried our hardest to stop family knowing where we were and what we were doing – but that's another set of stories for another time!)
Nowadays, with an ever-connected world, its quite difficult to hide your activities. What I aim to do here is give you some pieces of information for you to take on board. I don't want to go down the route of being a scare-monger, I want to inform you so that you can understand the issues and make your own, informed risk decisions.
First, lets look at the device you use.
Most people young and old alike nowadays do the majority of their online activities via a mobile device. The important thing to remember with mobile devices is that to be mobile, they need to know where they are. So, the question is - how do they do that?
Both Android and Apple devices use various ways of detecting their location, they can use GPS (The Global Positioning System), they can use cell-phone tower triangulation, and they can use wi-fi network statistics.
GPS works great only when various conditions are met – cloudy days can interrupt GPS signals and give false, or no positioning. GPS doesn't work very well in built-up cities, or indeed at all when indoors.
Cell-phone tower triangulation works OK for a rough estimate of where you are, but it's not accurate enough to be used for direction finding when you are lost. This is where wi-fi comes in.
Just think of the billions of devices around the world which are constantly broadcasting their data for mobile devices to see and interact with.
When you open a mobile mapping app such as Google maps, your device sends to Google all the information it has about all the wireless devices it can see signals for. Google cross-reference this data with the data it knows about wireless networks and deduces from that where you are.
Now, every time someone uses Google maps, they tell Google about the wireless networks they can see, and its possible that they can see a new network Google doesn't know about. But now they do – you've just told them that the network is in the vicinity of all the other networks Google does know about – so they just add that to the ever-growing database of network locations.
This Wi-Fi network data is not just collected when you open a mapping application, it's collected all the time and any application with access to your device's location services can access it.
So – Risk No1. Be mindful of the access you grant when installing apps – think – "does the app really need access to your location data?"
Now let's think about the networks you connect your devices to.
Mobile telephony companies no longer make huge piles of money out of calls and texts, this is why they throw 1,000's of minutes and messages at you for free. These companies make their money from data plans. Not everyone can afford 20 – 30 Gb data plans, and so have to ration data carefully.
This fact is what many people use to offer 'Free wi-fi'.
By offering free wi-fi, companies know that people will sign-up to save using precious data plans. However, by using their network, they can collect statistics about the user. Some networks even ask you to sign-up via Facebook or Twitter – if you do this then they get access to your Social media profile data, so they know your name, your likes, your friends, age, and anything else you have on your public profile page.
So – Risk No2. Do you want other networks to know who you are? Consider signing up for free networks with an email address you only use for that purpose which isn't linked to your true identity.
Another network risk is the web surfing you do whilst on someone’s network. Even if your connections are encrypted via HTTPS, the network operator can still identify which websites you are using, and even decipher what you are doing by examining the adverts you see, as these are not usually encrypted.
So – Risk No3. Do you want network owners to know what site you visit – if not, then think about using a VPN provider to encrypt all the traffic from your device, regardless of network you are using.
Finally (although I could go on for pages with this topic!) – Let's examine you!
Ultimately, you are the only person who can stop the spread of your data online. You are the one in control of how much you post on Social media whether that be Facebook, Instagram, SnapChat, Twitter, LinkedIn, YouTube, etc.
Think about how easy it can be to link your social media accounts together. For example, on Facebook you've added your date of birth because you want all your friends to wish you happy birthday when it comes around. It's not hard to work out your age from this - that's generally how it's done!
On SnapChat you have enabled location access to show your friends where you are on SnapMap and it shows you outside school every day. On YouTube you've commented on a video of a music artist you like, on Instagram you post a picture of a new sports kit you've got for hockey or football practice.
Pieces of info like this are easy to link together to work out your age, location, the fact you do after school sports practise and like a particular musician – It's not hard to see how this could lead to dangerous situations.
So – Risk No3. Is it worth telling the entire world about who you are, where you are, what you like? Consider those individual pieces of your data being collected to build up a profile of you.
The Internet and WWW is an amazing place with so much to offer, but be careful of the price you might have to indirectly pay to access these delights.
Stay informed, stay safe!
QA offer numerous cyber security related courses that cover phishing attacks and what to look for and how to protect yourself. See our website for more details - cyber.qa.com
Mark AmoryMark Amory has been specialising in cyber security training for 15 years and is the author of several of QA's cyber security courses, as well as the 2017 NCSC CyberFirst Academy.
More articles by Mark
What is a DDos attack? And how can I protect my devices against botnets?
Massive cyber attack on US government and companies underway
Pi-Hole: The DIY ad-blocker & malware defender all in one box
What is ethical hacking?
Mac attack! Apple malware on the rise
How random is random?
Sometimes an attack might be right in front of your eyes!
Who you gonna call?
Denial of Service attack for iOS devices