Is this Secure? Does this protect my privacy?
The first question I hear regularly from people building technologies. The second, from those who use that tech. These questions are two sides of the same issue.
Security and privacy are inextricably linked.
There are formal definitions for both but their goals can be stated simply.
Cybersecurity aims to make sure that the system you are building works as intended and only as intended.
Digital privacy is the assurance that the system you are using only uses the data you intend in the way that you consent.
How do you convey intentions in a digital world?
If you searched for sneakers, it would be reasonable to expect ads for sneakers among the other results. You’ve explicitly expressed, “I’m interested in sneakers.”
There’s a clear line between the action and result.
But why do those sneaker ads follow you around throughout the day?
Reading the news, watching sport highlights, shopping for groceries; sneaker ads.
When the teams built those sites or even the browser you use to view it, did they intend for you to be tracked in this way? Originally, no.
The technology that enables this scenario combines existing standards and stretching features into new uses.
The browser you’re using right now has a relatively unique “fingerprint.” It’s a combination of the features available, your system, where you other, and other factors.
Each of these factors has a different and understandable use.
Yet they are also being used in an unintended way to track you. And there’s a lot more data than you intend being shared about it.
This common and widely accepted workflow violates both the goals of security and privacy.
Why? Because security and privacy were never first class considerations when these systems were built.
Security and privacy were bolted on afterwards and that continues to cause major issues for all of us daily.