Call 0845 485 1219
With more and more of us spending our time online these days, socialising with friends, connecting with colleagues and doing a bit of shopping, we are having to put much more of our trust in the online brands than we ever used to.
Companies like Google, Apple, Facebook, Linkedin and Amazon have large shares in their respective markets and much of their success can be attributed to the levels trust the users have in services and security they offer. In this post I aim to highlight the reliance some of these online brands have on the trust users have in them and what could happen if users lose faith.
Fairly recently there have been stories in the news highlighting areas where these brands have been hacked, have lost data and in some cases have, through their own design, created loopholes or situations in which they have breached the trust of their users and the laws they are governed by.
This post may well be a little ambitious and it could end up being far too long for you to want to read so I will endeavour to be concise and hopefully inspire some good debate in the comments at the bottom. We all love a good argument so please be sure to say what you think and let’s see where it goes.
So, recently many of you will have heard that Linkedin was hacked. This security breach meant that of the 161 million users worldwide around 6.5 million hashed (encoded) passwords were leaked onto a Russian forum. Of that 6.5 million, it was reported that nearly 200,000 passwords were cracked. In the grand scheme of things, losing only 4% passwords in a hashed format and only 3% of the entire social networks passwords being cracked isn’t the end of the world. I don’t know about you, but although my account wasn’t hacked I changed all my passwords as a matter of precaution.
The real problem wasn’t that users had to change their passwords or that (in all probability) they were in any danger. The problem was that the trust that users placed in the network’s security when they uploaded their contact details, CV’s and shared confidential information was shaken. This knock in this trust in some ways will have made many users more aware of what they are sharing with the network.
In overall terms I don’t believe it cost the network a large amount of users, if any. It does serve as a good example of how much trust a user places in a network like Linkedin when they share their information and how easy it can be to have that trust shaken.
Another example of a security breach that will have knocked user confidence is the recent hack performed on Apple’s iCloud and Amazon.
Brands like Apple have made a killing in the markets in the last few years. First was the iPhone followed by the iPad and most recently the iCloud service. All of these individual elements of their product range encourage users to remain within their environments to save contact information, documents and create a seemless link of the users content across all their devices. Users have linked all their devices content together across the iCloud safe in the knowledge that it is a closed environment that they alone have access to…. Or so it seemed. A senior writer at Wired.com exposed vulnerabilities in both Apple’s and Amazon’s security practices, after the companies gave a hacker access to his personal details over the phone. This hacker gained access to the writer’s Apple account, which resulted in his Ipad, Iphone and Macbook being wiped.
Amazon deemed the last 4 digits of a user’s account unimportant enough to display on the users account page however Apple considers the very same 4 digits secure enough to verify a user’s identity. It was by exploiting this security flaw in both companies’ customer services systems that the hacker gained access to the seemingly closed environment Apple created with their iCloud service.
There are several considerations to be made here; if a user loses trust in huge brands such as Apple and Amazon in providing a secure platform for storing all their important content and personal details, who can they trust with it? Their dominance in their respective markets is a great asset in promoting their products to customers.
Amazon, in a similar way, makes using their environment so convenient (once your personal details are stored) to make quick purchases. With Apple if you already had the iPhone for example you may be more inclined to buy the iPad rather than the new Google Nexus 7. This is because, not only are you used to the user environment, all your content is seamlessly shared across all your devices. To the average user, being perhaps less tech savvy, it is more convenient to stay in the environment you are already in rather than taking the time and effort to migrate to Google Drive for example.
So what happens when your confidence in the security of the closed environment you manage all your content is knocked? Well it’s not easy to make it any more secure if you have already shared your details with them and not to mention the fact that the environments are closed to the point where you simply cannot change their security yourself. As I mentioned, migrating to a similar product may not be easy or even possible. If you own an iCloud integrated device, migrating to a non-integrated cloud service would mean learning a new environment, circumventing the constraints of iOS and moving all the content over. It would seem then that your only option would be to remain vigilant over your account, hope it doesn’t happen to you and that the security holes are plugged.
What this says is that if you put trust in a brand, specifically a large one in which you rely on to support the majority of your content, you should be careful what you put in it, ensure that you have a strong password (Password1 probably won’t cut it) and remain vigilant.
I am not saying that everyone should abandon larger services because of one hack. The services themselves and the powerful environments they provide definitely outweigh the risks in relying on them wholly.
Facebook!… What do you think of when you think about Facebook? Friends? Sharing pictures? Updating your status saying what you had for breakfast in the hope of a ‘Like’ or comment about sausage varieties? Do you think about your privacy or trust in the use of your personal information?
Ever since Facebook started, people have been sharing, commenting, uploading and filling the network with their own or shared content. This is great as its part of the concept of the social network. However as more and more people share their personal details and content they are also opening themselves to (some) apps that use their personal information to their own gain. Also, users are putting their trust in the ever-changing privacy policies and the security Facebook has protecting their information.
To protect the user and their confidential information from malicious software and clickjacking scams Facebook has been pretty active with security sometimes too much so. They also introduced SSL encryption to increase security within the site. Ultimately, in many ways Facebook being a free to use service runs on user trust and it cannot afford to lose that. Even if it is the biggest social network on the planet, the people who make it so huge have to be happy with the level of privacy they receive and trust that Facebook will take steps to maintain their protection of users content from malicious software otherwise it could fall from grace in the future.
Whose hands are the wrong hands?
With big online brands can cause big trust issues from a user point of view. Obviously, in the event of a hack or security breach those ‘wrong hands’ are the hackers who, aside from the seemingly politically motivated hackers of late, are usually after your information for monetary gain rather than to make a statement. This is a security problem that every online brand has to contend with and it is as much a problem for the brand as it is for the users in some cases. This means that as a user you have to trust that the security procedures created by the service you use are in the interests of protection of yours and their data.
The trouble usually comes when the ones given the keys to the gates protecting your information use it to their own end. There have been stories from anonymous Facebook employees detailing that Facebook staff widely used a “master password” that unlocked access to anyone’s account. Use of this password has been “deprecated,” i.e. discouraged, implying the password might still exist and work. What was the password? “With upper and lower case, symbols, numbers, it spelled out ‘Chuck Norris,’ more or less.” Great!
The same Facebook employee was aware of at least two coworkers being fired for abusing their access to profiles and that Facebook employees can “just query the database” to find your Facebook messages.
I know stories like this are few and far between, but it is something to think about. What if the same people you share all your photos, personal information, location details and in retail sites, payment information cannot be completely trustworthy? It’s all well and good to trust the T’s & C’s for the service you are using but what is there to control the actual people who have access to it all? All it could take is one big breach in privacy for all trust in that service to be lost.
What can you do as a user? Again, you don’t have many choices. You will have to place trust in the internal controls over staff that have access to your information and have the ability to manipulate it in any way they choose, should they feel the inclination.
(You can read the full interview here http://therumpus.net/2010/01/conversations-about-the-internet-5-anonymous-facebook-employee/?full=yes )
Google as we all know started as a search engine. It simply gave users a list of results based on what they put into the search bar. As it grew more and more popular they endeavoured to bring users results that were more relevant to their search query. This is primarily how they got so popular. They got the initial algorithm’s right enough to show the user the most relevant results, the user got what they wanted and then chose to come back to Google for their next search query. Brilliant! Users trust that Google are showing them the most relevant sites based on what they asked for (and a multitude of other factors these days) and the user clicks and is happy with the result.
There is no question that they still provide users with useful, tailored and relevant results but now more than ever your personal data is being used to provide these results. ‘Excellent’, I can hear you saying, but their other main aim, like any business, is to make money and Google are very good at it!
Making money is not a bad thing and Google made $29.3 Billion in 2010 through AdWords alone; their profits are gargantuan! AdWords, fundamentally is based on the same principle as the search network with users being shown paid Ads that are most relevant to the search query they make. The paid element where Google make their money comes from the website that pays for the Ad to appear. They are charged per click and Google score the quality and relevance of the Ad based on the keywords targeted and the landing page of the Ad. This way Google rewards well targeted and relevant Ads with prime positions and cheaper click costs as well as giving the user what they wanted when they searched which increase the chances of them returning to Google.
The problem with trusting this Ad system has been brought into question recently when the Federal Trade Commission in the USA fined Google $22.5 million for violating user privacy on Apple Safari browser data. It had found that Google had been using tracking cookies on their sites for Apple Safari Users even if in their account settings they had denied this access to their cookies.
This data was also used to send targeted Ads to the Safari users. Although the Ads are targeted to your search and browsing history so should be relevant to what you want it is a violation of the trust between the user and the provider. So when the user trusts that the information being shown relevant and is gathered legitimately, they should also be aware that it the search giant may be exploiting a loophole by design to make more cash for the Christmas party.
This violation, albeit small, is just one of many trust issues created by the search giant and as the core of the business is built around maintaining the trust that the user has in the results provided to them. If this is lost through violations of that trust, even in unrelated violations to search, the overall trust in the brand will be reduced. Google has such a huge market share though I sincerely doubt that they will quake in their boots too much when slapped with a fine or two and people’s memories are short so trust in the brand as a whole should be able to swallow up any distrust.
Enough Google bashing from me! If you do want a little bit of fun after reading this search ‘zerg rush’ in Google and post your scores on Google+….. You have Google+ don’t you?
What can we do?
I don’t want to suggest to anyone that we boycott the big brands or great services that are available online just because of a few hacks, security breaches or bad apples working for them. What I suggest is that users take the time to check that their privacy settings on their accounts are unique and difficult to guess. Using Password123 or your name is probably not as safe as you might think even if it is easier to remember.
There is nothing you can really do to stop hackers or brands from misusing the information you have uploaded; but it shouldn’t stop you from being a little cynical about what you share in the future and what their motives might be for changing privacy settings or wanting more access to your information.
All the while Google don’t run the world we should make the most of being able to decide what we share and with whom we share it.
I welcome your opinions and hope you enjoyed reading.
Security concept with a lock via BigStock
Copyright © 2006 - 2014, Koozai Ltd