Scitech | To share or not to share

How to protect your virtual identity

With the growing place that technology takes in our lives, our identities have become a currency. This trend is best symbolized by the Facebook Connect button that has appeared on many websites since its unveiling during the F8 developer conference in 2008 – it offers a simpler way to register for and use services in exchange for access to your Facebook information. In the same spirit, as our smartphones become extensions of ourselves, we are pressed to store more and more sensitive information on them through third-party mobile applications (such as mobile banking apps) or device features like Apple Pay and Google Wallet. While we are spilling information everywhere around us, we are within our rights to ask: “Is my identity still safe?”

The impact of identity theft and identity fraud in Canada

Identity theft and identity fraud are much more serious than leaving your Facebook logged in at a public computer and getting silly comments posted on your timeline. It’s a problem that comes with serious and ever-growing monetary losses: in 2012, Canadian identity fraud victims (around 17,000 reported) lost a collective sum of about $16 million to various theft schemes – that’s an average of 1,000 bucks per person!

“But how does that affect me?” you might ask. Well, while the majority of victims are older and sometimes less ‘street-wise’ with newer technology, a sizeable part of the loss mentioned earlier is attributed to people between 20 and 29. Moreover, as with all social statistics, we can presume that there are lots of unreported cases that we can’t quantify here.

How can my identity be stolen?

Forgetting your wallet at the coffee shop isn’t the only way to put your identity at risk: technology being the double-edged sword that it is, it can play against you every once in a while. Let’s focus on two risk factors for now: social networks and mobile applications.

Think about all the information we are storing on social networks nowadays: name, exhaustive list of friends, location, personal pictures – some even provide phone numbers and personal emails! While classic identity fraud (issuing credit cards under your name, for example) is hardly achievable with that kind of data alone, there are plenty of other nasty things that can happen. For instance, according to annual reports from security companies like Trustwave, the most popular passwords are still either very simple words or elements related to our personal lives such as dates and names. Knowing this, access to a well-curated Facebook page can very quickly lead to a positive match on your Paypal password and from there, emptied bank accounts: anything that can help answer security questions linked to your account can be used against you. Just think of how security questions are more often than not formatted as “What’s the name of your childhood pet?” – Exactly the kind of information that could be found on your social profile.

Putting too much trust in mobile applications can have you suffer the same fate. According to Gartner, a leading information technology research and consulting company, most apps wouldn’t pass basic security tests. In its report on its 2014 Security and Risk Management Summit, Gartner concluded that “Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.” And this is not limited to enterprise apps: you can easily figure out that if big-budget companies can’t do it, smaller developers face those challenges as well. Now think of what kind of information you store in apps daily: some of you might use banking applications, others may use software like the campus-oriented apps we reviewed – is that information really as safe as you think it is?

We live in a time where everything is bound together in a web of information and where we became information ourselves, it is thus essential that we preserve our identities.

This question is especially relevant in our society as we are constantly pressured to share information through the of social profiles on websites and services that aren’t explicitly meant for social networking (think about news websites that allow and encourage users to create exhaustive personal profiles in order to comment on articles) yet assumed to be fully responsible of ensuring our own security as well as in the case of a security breach.

Covering all bases and protecting yourself

Fear not, the world is not full of thieves and mischievous individuals – but you still need to actively take part in protecting yourself against threats.

A good first step can be to limit the kind of information you publicly display on social networks such as Facebook. By adjusting privacy settings or leaving some fields blank, you can save yourself a lot of trouble. Be wary of who you give information privileges to and keep track of who can see what.

The same idea applies to mobile applications: don’t let your smartphones be enemies. Of course, there is very little you can do about enterprise apps being unsafe other than not using them or at least, keeping an eye on them. It’s for apps developed by smaller groups that it becomes interesting because you can often have direct contact with the developers themselves and ask questions. Some apps are even open-sourced so that you can take a look at how your security is ensured! Of course, that last solution is for the tech-savvy. The easier alternative is to contact the teams behind your favourite independent applications and ask how your safety is taken care of and how your information is used, stored and disposed of – more likely than not, they will be happy to answer your questions and to provide reassurance to their user-base.

The barrier that was once erected between online and offline is no longer standing and neglecting to consider that could lead to grave consequences.

Moreover, choosing what you install on your phone wisely is important. Much like the Terms of Use agreements that pop up at every software install and update, app permission requests are often ignored and clicked away. Before installing an application, it’s always good practice to evaluate what it should have access to to achieve its function and to compare that to the permissions it actually asks you: software asking for too much access should raise red flags.

In the end, identity security is mostly about behaviour. Keeping track of what information is disclosed, making sure to tie loose ends such as old profiles and accounts and being wary of online services that require sensitive information. However, that doesn’t mean that the corporations and groups that produce apps and online content are exempt of responsibilities – of course service providers need to ensure that their users are protected from threats on a software level. Everyone has its role in identity protection: users need to be aware of what they share and the provider should handle this shared information in a manner that won’t compromise those who put trust in its products.

Being a generation brought up with technology that hasn’t seen the transition from the non-technological age, it might be easy for a sizeable amount of us to put too much trust in the devices and services we use daily since they’ve always been there for as long as we can remember, but despite that we should keep information security in mind. We live in a time where everything is bound together in a web of information and where we became information ourselves, it is thus essential that we preserve our identities. The barrier that was once erected between online and offline is no longer standing and neglecting to consider that could lead to grave consequences.


Comments posted on The McGill Daily's website must abide by our comments policy.
A change in our comments policy was enacted on January 23, 2017, closing the comments section of non-editorial posts. Find out more about this change here.