Leakage of personal information to the Internet

 
Apply for SearchInform DLP TRY NOW

Personal information may be stored on the Internet, but it is not secure to do so. Each user is advised to know the minimum precautionary rules and follow them in order not to fall into the hands of scammers. Leaks of personal information on the Internet can provoke problems in your personal life, at work, and financial losses. Every user at the minimum level, even one who has nothing to hide from the authorities or government services, can suffer from identity theft.

What is personal data on the Internet?

The Law "On Personal Data" indicates that any information that can become the basis for determining a person's identity is considered personal. For example, the most commonplace information is the user's first and last name, his residence address, year of birth, as well as profession, passport data, and income. But ordinary passwords from networks or postal addresses do not fall under the category of personal data.

To open access to such information is the right only of its owner. That is, a person independently agrees to have his postal address or telephone number known. Also, at the request of a person, this data can be made classified again.

Places of saving information on the Web

All personal information is stored on servers. The servers with the maximum capacity are located in America, where the representative offices of large Internet resources are located. For example, the Russian company Yandex has a number of servers (up to 100 thousand) in the Ryazan region, which are located on the territory of a former machine-building plant. Additional data centers are available in Holland, Finland and America. Mail.Ru Group has 5 data centers in the Russian Federation, and also rents servers abroad. But over time, there will be more data centers in Russia due to a new law obliging to store user data on the territory of the country.

Why do we need personal data and who gets it?

Personal data allows you to get a lot of useful information not only to fraudsters, but also to various companies around the world. This information is expensive, so Internet resources sometimes deliberately decide to declassify databases for the benefit of companies or the government. There are several confirmations of this fact.

For example, relatively recently, Facebook has opened paid access to its databases. Now, for a certain amount of money, companies from all over the world can view information, as well as conduct polls among resource users, for example, about their new products. Companies can also conduct surveys based on personal data about sexual preferences or marital status.

The service or social network MySpace began to collect personal data and distribute it among companies in 2007. The main goal of this step is to optimize the advertising processes on the site. Employers of American companies are also regularly interested in personal data for the selection of employees according to the required profile parameters. For example, the results of an independent study by Careerbuilder showed that about 45% of employers collect information about candidates on social media.

The behavior on the resources should be as careful and prudent as possible. Up to 35% of employers found information on social networks that influenced the refusal of a candidate. The HR department may not like the candidate's statements, his photographs that are inappropriate for a particular position, bad comments on the wall from other users.

On the other hand, information about a person is of interest to scammers. For example, in 2017, the number of identity thefts increased by 600%. Software is being actively developed to steal information and go unnoticed.

How is personal data leaked?

The leakage of personal information on the Internet occurs according to certain schemes and channels. Fraudsters choose the least secure option. For example, information outside the company can be brought out through such channels as:

  • HTTP hypertext transfer protocols. This protocol acts as a full-fledged basis for using any Internet resource. A fraudster, after using the protocol, can disclose information, that is, place it in free access. Personal information in the future can be displayed on forums, blogs, any pages of sites. Even unauthorized persons can see it, and all files can also be transferred via e-mail to different servers;
  • peer-to-peer protocols of P2P networks. The most popular peer-to-peer BitTorrent networks, eMule allow users to transfer information among themselves, as well as exchange files. If these operations are not monitored and protected, fraudsters using protocols will be able to transfer personal data over the network;
  • FTP file transfer protocol. It can be used to copy classified data to external file servers that are located on the Internet;
  • SMTP e-mail transmission protocol. The fraudulent scheme consists in sending a letter with an attached confidential document to an external e-mail address, from which you can get confidential information in the future;
  • protocols of programs for instant message reception, so-called messengers. For example, ICQ, Windows Messenger, Telegram, AOL. These channels of information leakage can be used for inconsistent transfer of files with confidential information between several subscribers.

Ways to keep your privacy without information leaks

After connecting a PC or other device to the Internet, you need to be prepared for minimal information leaks. All data that gets on the Web automatically becomes vulnerable and available, if desired, to fraudsters. Personal data, in addition to scammers and swindlers, are also of interest to CIA agents and the FSB. All these companies are looking for information on the basis of which they form databases for quick tracking of a person or access to him. But in any case, there are ways to protect information from major leaks. To protect your data, you can use a number of methods or choose the simplest and most understandable:

  • Encryption of information.

NSA encryption companies have already admitted the possibility of eliminating the global encryption standard, so the method is gradually losing credibility. But today this technique is still relevant and can protect against frequent attacks. OpenVPN and AES are able to provide a sufficient level of protection against all scammers on the Internet, as well as protect a person from potential threats.

  • Regular password change.

All the troubles and breaches of confidentiality began after the release of the open source protocol, namely SSL. Based on this, the Heartbleed bug has become one of the most massive threats to security systems on the Internet. It is the SSL code that is most often used as the main algorithm of actions on the Web, and it is used not only by VPN companies, but also by cloud storage facilities and banking structures. On the basis of the sensational error Heartbleed, fraudsters gained access to classified data and stole the passwords of most of the Internet users. Therefore, we recommend that you change all passwords on a regular basis to avoid re-stealing data from servers.

  • Browser protection.

Tracking and monitoring data in a browser can be done not only by the NSA or fraudulent companies, but also by the creators of the browsers themselves. This data about requests and visited pages is stored for statistics and the submission of advertising offers in the future. To protect yourself from such intrusive offers and from tracking the history, it is advisable to at least clear cookies, traffic history.

You can also choose a browser that provides the function of anonymous surfing the Web. This will allow you to visit the pages and not bump into intrusive and unnecessary ads. Advertisers' cookies can then be blocked.

  • Email security.

The primary focus of email resources is to address the weaknesses of SSL. You need to choose large providers that are interested in data privacy. Smaller providers often leak personal information to advertisers in the hopes of making a profit from the databases they provide. Trusted providers offer a secure and encrypted connection between the sender and receiver servers. Including security and privacy have increased by Google.

Information about the recipient's email address, as well as its subject matter, also becomes vulnerable. All sorts of leaks can be fixed by installing Pretty Good Privacy - improved email programs.

  • Protection of telephone conversations.

When talking about the use of phones or smartphones, you need to consider that information is tracked by telephone towers. This technology has nothing to do with GPS, it works even in the absence of 3G coverage and a mobile Internet connection. There is no way to protect yourself from this type of tracking except for abandoning your smartphone. Also, during conversations, all information can be recorded. To avoid this kind of surveillance and leakage, it is necessary to use the Voice-Over Internet Protocol, which encrypts data at both ends.

  • Using a safe internet search engine.

Search engines are owned by large companies. They are constantly optimizing their processes and have the ability to monitor users. For example, Google and the search engine of the same name are able to record the number of requests, their time, cookies, and the user's IP address. All data is recorded on web pages, where other information about the user is subsequently entered. Based on the data received, the company can issue contextual advertising, but the same data can be used against a person, especially if scammers get to them.

As soon as the NSA announced it was spying on the Web, the popularity of confidential search engines such as DuckDuckGo skyrocketed. The site was available on the "lower" Internet and on the Tor network. The search engines YaCy, StartPage and Gibiru are less popular than the previous version, but their advantage is that they do not create filter bubbles, new search terms do not appear over time.

  • Cloud storage capabilities and protection.

The method of storing data on the clouds of different companies is gaining popularity, as it saves space on PCs and other storage media. All cloud services have a significant disadvantage, which is the close cooperation of the server companies with federal government services. The world companies Amazon, Apple and Google have admitted such cooperation. Therefore, in order to secure your data in the clouds, you need to encrypt it yourself before uploading it to the storage, or use the cloud with automatic encryption.

  • Application of firewall, anti-virus programs.

One of the easy ways to ensure the security of the data received from the Internet is to install an anti-virus software package. At the same time, it is recommended to update all software regularly. It is viruses that can provoke information leakage at the basic level of one user, as well as a large company. Antivirus programs can even be installed on smartphones. Protection against leaks of files and valuable personal data will be provided.

Minimum recommendations and nuances of protection

It should be understood that standard commercial programs and accompanying software do not have an adequate level of information protection. It is not recommended to trust unknown programs and install unnecessary software on the media. If the user has the opportunity, it is recommended to switch to non-commercial versions of the software, as well as to free operating systems, without windows built by the NSA. For example, Ubuntu software is less popular and more complex than Windows. But this operating system has a high degree of protection against attacks, it is more secure.

Also, additional protection will be provided by virtual machines that are used while on the Internet. The essence of the programs is to imitate working with the operating system as if it were running on a hard disk. The advantage of such software is to shield the host computer from attacking hackers and viruses. The virtual machines themselves can be further encrypted.

Do large companies share information and personal data with government authorities?

It is legally considered that the release of information is the seizure of documents. The process can be carried out only by a preliminary court decision. That is, a full-fledged criminal case is drawn up, on its basis a request is made to obtain personal information from the Internet in the presence of two witnesses. The process itself rarely occurs, about 5-6 times a year. For example, Google received about a hundred requests from authorities from different countries, and gave information on reasonable grounds only in 3% of cases. Sites "VKontakte" and Mail.ru said they did not keep statistics on the information issued.

If a person does not want to become a victim of fraudsters, but wants to keep his confidential information out of access, you must fulfill all data protection requirements yourself. Some methods do not require special knowledge in the field of computer technology. It is important to monitor your behavior on the Internet and remember that all information that gets on the Web automatically remains there forever.

15.12.2020